Canadians are concerned about their privacy, right? I know, because they tell me so on Facebook. Go figure.
On one hand, we say we care about our privacy. And then we engage in activities, especially online, that compromise our privacy. So are we privacy hawks or, in this age of social media, do we believe privacy is dead?
Actually, the answer is somewhere in between.
Read the Winnipeg Sun Article HERE>>
Leave a Comment » | 
Facebook, Government, Privacy, Social Networking Websites, Video Surveillance, Youth | 
Permalink
Posted by Brian Bowman
Have you ever wondered if an electronic document like an e-mail or a scanned image can be used instead of a paper document to meet a legal requirement? How about using an electronic signature as opposed to a written signature?
Unfortunately, the provincial government’s dithering over the past decade will not help you answer these important questions.
Manitoba’s e-commerce legislation, called The Electronic Commerce and Information Act, was passed in the Manitoba Legislature in 2000. It was then billed as a cutting edge law that would help Manitobans to prosper in the online world.
Leave a Comment » | Government, Internet, Online Shopping, Sale Transactions, Technology | Tagged: E-mail, Government, Internet, Technology | Permalink
Posted by Brian Bowman
It’s safe to say that the Alberta provincial government is regarded as being right wing. But Manitoba’s? Not at all. So why then is Alberta light years ahead of Manitoba at protecting workers’ privacy?
The above link takes you to the Winnipeg Sun. I’m delighted to have been asked by Sun Media Corp. to provide Comment columns like today’s on a monthly basis. I hope you find them of interest!
Leave a Comment » | Employee Monitoring, Government, Identity Theft, PIPA, PIPEDA, Personal Information, Privacy, Privacy Commissioner | Tagged: Employees, Government, Identity Theft, Manitoba, Personal Information | Permalink
Posted by Brian Bowman
I’m very pleased to be able to post the following conversation with Jennifer Stoddart.
Since becoming Canada’s Privacy Commissioner in 2003, Commissioner Stoddart has undoubtedly raised the value of privacy in a time when security, trade, technology and consumer expectations have created a volatile atmosphere for our personal information. I might add that she has accomplished this admirable feat with passion and professionalism. As a result, Canadians have been exceptionally well-served.
Of course, I’d like to thank Commissioner Stoddart for agreeing to engage in this online Q & A conversation. If you’d like to learn more about Jennifer Stoddart, the Office of the Privacy Commissioner of Canada (the “OPC”) or the issues raised in this conversation, I’d encourage you to visit the OPC’s website and blog.
Q. How did you get involved in the world of privacy?
A. Back in the spring of 2000, I happened to read an article in the New York Times Magazine by the noted American legal scholar Jeffrey Rosen. Prof. Rosen was explaining how personal privacy was being subtly eroded in the digital age. I was fascinated.
I was working at the Quebec Human Rights Commission at the time. The next week, I was asked to head up Quebec’s Access to Information and Privacy Commission, and that’s the field I’ve been in ever since.
Q. But it’s coming to an end.
A. Sadly. My seven-year term as Privacy Commissioner will wind up this year. On the plus side, though, I can look back with considerable pride at the progress we’ve made. The encroachments on privacy in this digital era really are staggering, but that doesn’t mean we’re letting them bowl us over.
Last year’s investigation into a complaint against Facebook was surely the most high-profile example of the kind of influence we have. And beyond that I would say that we’re making a meaningful difference, in countless other ways, every day of the year.
Q. What are the most rewarding aspects of being the Privacy Commissioner of Canada?
A. Certainly one of the most rewarding things for me is to know that our work matters, that it has a real and positive impact on the lives of Canadians.
As you know, it’s become fashionable in some circles to suggest that privacy is pretty much dead in this era of digital exhibitionism. But I think that’s totally wrong. And the best evidence for that was the worldwide response to our Facebook investigation.
Privacy may look different today than it did a generation – or even a decade – ago. But it remains an incredibly important and cherished value to Canadians. And to the extent that my Office can help protect that value, and advance privacy rights, I would say that is the most rewarding aspect of my job.
Q. What do you consider to be the greatest challenges for the Office of the Privacy Commissioner of Canada?
A. Our biggest challenges are the same that preoccupy data-protection authorities around the world: How to safeguard privacy rights in the face of so many rapidly changing technologies. You yourself have blogged about many of them – cloud computing, behavioural marketing, genetic technologies, to name just a few.
We’re seeing unimaginable quantities of data flash around the world, including to countries where data-protection laws are slim to non-existent. We’re also seeing technologies employed in the service of national security and law enforcement, but they’re guarded behind a wall of secrecy.
So the challenges are real, and they are huge.
Q. So how does an Office like yours keep up?
A. I guess the short answer is: By working smarter. We have zeroed in on four priority privacy challenges that are shaping and streamlining our work for the years ahead: information technology, genetic technology, national security and the protection of identity integrity.
We are re-engineering our internal processes to better handle the complaints and inquiries that come to our Office. We’re picking and choosing our privacy audits and our communications and public outreach efforts in order to maximize our impact. We’re ramping up our issuance of guidance, on the theory that an ounce of prevention outweighs a pound of cure. And we’re working with the global data-protection community, since so many of the challenges are international in scope.
But, most important of all, we’ve recently attracted an infusion of very bright, very knowledgeable – and in many cases young – new employees to key positions in our Office. They are really making a difference.
Q. If you could make a few recommendations for Canadian business leaders, what would you say?
A. First I’d thank them for having embraced PIPEDA, the Personal Information Protection and Electronic Documents Act as it came into force over the past nine years. When I look at the situation of our neighbours to the south, where there is no single law at the federal level to protect the personal information of consumers in a commercial setting, I am deeply gratified by the way things can work up here.
Beyond that, I would encourage business leaders to continue to consult the guidelines we issue on specific topics for the purpose of clarifying the responsibilities of organizations under PIPEDA. And we invite them to work with us to fill any other information gaps they may have encountered.
I also want to take this opportunity to mention that data breach notification will become mandatory – and I suspect that will happen sooner rather than later. So I would encourage business leaders to start giving some thought now to how they can bring their processes into compliance.
Q. Do you have any “privacy-related” predictions for 2010?
A. I don’t think you need a crystal ball to conclude that national security will continue to dominate the privacy landscape in the year ahead. The controversy that erupted over Transport Canada’s deployment of millimetre-wave scanners at Canadian airports was just the first of the privacy-related issues that we can expect to be hearing about in 2010.
And stay tuned for more during and after the Vancouver Olympics. There, one of the big issues will revolve around the pervasive crowd surveillance measures, and what will happen with all the cameras and recordings after the flame is extinguished.
I’ll just mention two other issues of particular interest to our Office, because we will be consulting Canadians on them in the next few months. The first will focus on the tracking, profiling and targeting of consumers by marketers and other businesses, and we’ll be hosting consultation forums on that topic in Toronto in April and Montreal in May. Soon after, we’ll organize another forum to discuss the privacy implications of cloud computing.
9 Comments | Airport Security, Government, PIPEDA, Personal Information, Privacy, Privacy Breach, Privacy Commissioner, Privacy Commissioner of Canada, Security | Tagged: Government, Personal Information, PIPEDA, Privacy, Privacy Breach, Privacy Commissioner of Canada, Privacy Compliance, Security | Permalink
Posted by Brian Bowman
Call off the strike, some trade unions are protecting more than their members’ collective bargaining rights. In fact, many unions have taken a proactive approach to privacy by creating policies that attempt to comply with the benchmarks set out in the federal Personal Information Protection and Electronic Documents Act (“PIPEDA). However, there hasn’t yet been a case summary or court action under PIPEDA that definitively determines whether a union that collects personal information in their general capacity is obligated to observe the rules outlined in the legislation. As a result, some unions are complying with PIPEDA’s obligations to protect their members’ privacy and, regrettably, some unions are not.
The application of PIPEDA is dependent on the existence of a “commercial activity.” Although this term is vague, the case is strong that most union activities are, in fact, captured by PIPEDA. What is certain is the application of Alberta’s privacy legislation, the Personal Information Protection Act (“Alberta’s PIPA”), to the management of personal information by unions. The application of Alberta’s PIPA is not dependent on the existence of a “commercial activity”. As a result, a 2006 Investigation Report from the Alberta Information and Privacy Commissioner found that the collection of personal information by unions in their general capacity subjects them to the requirements found in Alberta’s PIPA. Manitoba’s Bill 219, The Personal Information Protection and Identity Theft Protection Act (the “Manitoba Bill”) is modeled after Alberta’s PIPA. Similar to Alberta’s PIPA, the application of the Manitoba Bill does not depend on whether an organization is engaged in a “commercial activity.”
As I’ve argued in previous posts, the Manitoba Government should support the Manitoba Bill (which was introduced as a private member’s bill by opposition member, Mavis Taillieu). The Manitoba Bill creates a level of certainty with regards to the privacy rights of union members. That’s one of the many reasons why the Manitoba government should ”cross the picket lines” to privacy and support the Manitoba Bill in this fall session of the Manitoba Legislature.
Leave a Comment » | Government, PIPA, PIPEDA, Personal Information, Privacy | Tagged: Bill 219, Government, Manitoba, Personal Information, PIPA, PIPEDA, Privacy, Unions | Permalink
Posted by Brian Bowman
Have you heard the saying “Just when you think you understand the situation, what you don’t understand is that the situation has changed”? If you think you understand The Personal Information Protection and Electronic Documents Act (“PIPEDA”), get ready… changes may be just around the corner.
PIPEDA was introduced back in 2001. It requires the Canadian Government to review the law every five years. To this end, the House of Commons Standing Committee on Access to Information, Privacy and Ethics (the “House of Commons Committee”) conducted its review and held public hearings from November 2006 to February 2007, where it heard from over 60 witnesses and considered over 30 submissions from a wide range of interested organizations and individuals. I had the pleasure of appearing before the House of Commons Committee to present the Canadian Bar Association’s National Privacy & Access Law Section’s submission, which you can read here. The House of Commons Committee issued its report to Parliament in May 2007 (which outlined 25 recommended changes to the law), to which the Canadian Government subsequently issued its response in October 2007. As part of the Canadian Government’s response, further public consultation on key issues was requested. A link to the Office of the Privacy Commissioner’s reply to this request can be read here and the Canadian Bar Association’s response can be read here.
Changes to PIPEDA may include:
The Industry Canada website targets 2009/10 for the implementation of changes resulting from this first PIPEDA review. Yet, there is no definitive time frame, so stay tuned. Changes may be just around the corner.
1 Comment | Government, PIPEDA, Privacy, Privacy Breach, Privacy Commissioner, Security Breach | Tagged: Businesses, Data Protection, Due Diligence, Employees, Identity Theft, Personal Information, PIPEDA, Privacy, Privacy Breach, Privacy Commissioner, Privacy Compliance | Permalink
Posted by Brian Bowman
The Manitoba Ombudsman‘s Office recently released its annual report outlining the activities of its Access and Privacy Division in 2008. Here are some highlights…
Of the 198 new access complaints that were launched, 134 (68%) dealt with “refused access”. This indicates that the provincial government and public bodies either have to be more willing to grant access when requested or do a better job at explaining their rationale for refusing access. Of the 207 cases that were closed in 2008, 38% of the complaints were supported by the Ombudsman, 35% were not supported and 5% were resolved before the Ombudsman could issue a finding. This indicates that all of the complaints brought to the Ombudsman are not without merit. The public appears to have a relatively good understanding of what their rights are under FIPPA and PHIA.
The Ombudsman has also been proactively involved in the development stages of legislation and programs in order to address potential privacy issues. For example, the Ombudsman expressed concerns about the technology used in Enhanced Drivers Licenses (EIC). Radio Frequency Identification chips store the necessary information on the EICs, but the chips are always “on”, meaning that they can be read by unauthorized individuals. This concern is being addressed by providing the cardholder with a protective sleeve. However, if the sleeve is ripped, torn or used improperly, it will not provide the necessary protection. Therefore, the Ombudsman has stressed that it is essential that individuals understand the privacy implications of opting into the EIC program.
The Ombudsman was also been involved in assessing the use of closed-circuit television monitoring by Winnipeg Police, who have agreed to follow the recommendations of the Ombudsman and will not live-monitor the cameras and will work towards developing retention policies and technology to “sever” individuals from images which are not relevant.
Overall, the Ombudsman largely applauds public bodies and government agencies for addressing privacy concerns in the development phases of new programs and legislation. However, it is clear that public bodies need to do a better job of dealing with access requests.
Leave a Comment » | Access to Information, Government, Ombudsman, Privacy | Tagged: Privacy, Manitoba Ombudsman, Access to Information, FIPPA, PHIA, Government, Enchanced Drivers Licenses (EIC), Manitoba | Permalink
Posted by Brian Bowman
It’s been a thrilling week for my colleagues at Pitblado LLP as it was announced earlier this week that we were to be the 1st Canadian law firm to be a guest blogger on the must-read slaw.ca. Yours truly, three of my colleagues from our firm’s Information & Ideas Practice Group as well as our firm’s librarian each contributed one post a day this week to slaw.ca on cutting edge legal topics. Here’s what we covered…
On Monday, I posted “What Would Happen If One of your Employees Posted a Video of an Irate Customer on YouTube?”, which I cross posted on my blog earlier this week. The post highlights a YouTube video of an irrate customer as a reminder to Canadian businesses of the powers of new technologies such as YouTube and the corresponding need to protect against the dissemination of this type of video through employee privacy training and the adoption and enforcement of privacy and procedures.
On Tuesday, Carol Lynn Schafer posted “Do TOS Have the Final Word on our Fundamental Rights and Freedoms?”, which discusses the controversial effects of Terms of Service on popular websites such as Facebook and Twitter. As Carol Lynn notes, Terms of Service should be drafted with the bigger picture in mind and can no longer be seen as standard agreements that can be treated with a one size fits all approach.
On Wednesday, Jolin Spencer posted “Whose Property Is It, Anyway?”, which discusses the questions that come into play when employees leave their positions. For example, what can an employee take, and what must they leave, when they vacate their position? As Jolin points out, no business wants its intellectual property assets walking out the door with a former employee.
On Thursday, our firm’s librarian, Karen Sawatsky, posted “Legal Research Bootcamp – Winnipeg Style”, which discusses her experience collaborating with members of the Manitoba Bar Association and the Law Society of Manitoba to create a CLE for articling students on legal research. The Legal Research Bootcamp is a first for Manitoba students, and aims to bridge the gap between when students start their articles and when CPLED begins in the fall.
And last but not least, today Adam Herstein posted “Manitoba: Innovative Fighter of Child Sexual Exploitation”, which focuses on Manitoba’s recent enactment of The Child and Family Services Amendment Act (Child Pornography Reporting) (Manitoba) and how Manitoba is the first province in Canada to enact legislation that makes it mandatory for a person who encounters child pornography to report it to authorities. Adam also notes that Canada has a national tipline called Cybertip.ca for reporting the sexual exploitation of children.
Thanks to slaw.ca for the opportunity to contribute!
1 Comment | Blogs, Copyright, Facebook, Government, Intellectual Property, PIPEDA, Privacy, Social Networking Websites, Technology, Training | Tagged: Businesses, Copyright, Corporate Information, Employees, Facebook, Information Technology, Intellectual Property, Internet, Inventions, Manitoba, Mobile devices, Personal Information, PIPEDA, Privacy, Privacy Breach, Privacy Compliance, Safeguarding, Social Networking, Technology | Permalink
Posted by Brian Bowman
The Manitoba Legislature is currently debating Bill 219 – The Personal Information Protection and Identity Theft Protection Act.
The Bill has been introduced as a private member’s Bill by Mavis Taillieu of the Opposition Progressive Conservative Party of Manitoba. It seeks to regulate the collection, use and disclosure of personal information by organizations in the private sector and is intended to be “substantially similar” to the federal Personal Information Protection and Electronic Documents Act (PIPEDA). It would also establish a duty for organizations to notify individuals who may be affected when the personal information an organization has collected is lost, stolen or compromised. Such a requirement would be groundbreaking in Canada (notwithstanding Ontario’s Personal Health Information Protection Act, which has a mandatory breach notification requirement).
Regrettably, the Government of Manitoba indicated in the Legislative Assembly debate last week that it has two primary concerns with the Bill. The first concern is that the Bill lacks an independent oversight body such as a Privacy Commissioner of Manitoba. Legislative rules prevent private member’s Bills from containing financial penalties and so the Bill could not contain such provisions. However, the government could add those provisions in amendments. In fact, I assisted with the drafting of the Bill and would happily provide the government with the relevant provisions. The second concern raised by the government is that the Bill would introduce legislation in Manitoba that (according to the government) would regulate activities in the private sector already governed by PIPEDA. However, PIPEDA does not apply to the activities of private sector organizations in provinces such as Alberta and British Columbia, both of whom have Personal Information Protection Acts, because PIPEDA does not apply where “substantially similar” provincial legislation exists.
The Bill was first introduced in 2005 and since that time the need for such a law has significantly grown. It’s modelled after Alberta’s Personal Information Protection Act, which provides a more business-friendly and clear legislative scheme than PIPEDA. As I’ve previously argued, it would be good policy for the Government of Manitoba to support the Bill and I once again urge them to do so.
If you want a more business-friendly privacy law in Manitoba, I’d strongly encourage you to contact the Government of Manitoba and Mavis Taillieu to indicate your support.
Additional coverage on this topic by the Canadian HR Reporter here.
2 Comments | Employee Monitoring, Government, Identity Theft, Ombudsman, PIPEDA, Privacy, Privacy Breach, Safeguarding, Safekeeping, Security Breach | Tagged: Employees, Government, Identity Theft, Manitoba, Personal Information, PIPEDA, Privacy, Privacy Commissioner | Permalink
Posted by Brian Bowman
This month’s Canadian Lawyer magazine’s feature article, entitled The Privacy Dance, profiles Canada’s Privacy Commissioner, Jennifer Stoddart. The article provides an excellent overview of contemporary privacy issues in the context of featuring the esteemed career of Stoddart.
In my view, Canada is very well served by Stoddart and her team at the Office of the Privacy Commissioner of Canada. As a result, it’s nice to see that Stoddart’s ongoing efforts to protect and promote the privacy rights of Canadians are being recognized by the Canadian Lawyer Magazine.
Leave a Comment » | Government, Privacy | Tagged: Privacy, Privacy Commissioner | Permalink
Posted by Brian Bowman
Over the past couple of years, the world has been preparing for a pandemic. Most experts believed that the avian flu was the most significant threat that faced the world, but recent declarations of a potential pandemic with confirmation of cases in Mexico, the U.S. and Canada from a swine flu have led to fears that the next pandemic is upon us. In the event of a pandemic, the government of Canada has set up a website, which will provide information to the public.
In times of fear, governments and citizens alike often overreact to address a threat. It is times like this that individuals, in addition to heeding advice about how to avoid the flu, should be vigilant about what measures the government may be taking to address this health crisis. Last summer, Canada experienced another health crisis when a strain of listeria was found in certain meat products. Tragically, by the time it was over, 21 people had reportedly died. The public health crisis was announced mid-August, but a team of researchers at Google later found that searches for the term listeriosis spiked in Canada about a month before the public announcement. An article published in the Canadian Medical Association Journal indicated that those searches lined up with the peak of the outbreak while the public announcement came while new cases were on the decline.
The analysis of aggregated search trends has been proposed as a means to fight pandemics and outbreaks of illnesses. However, even those proposing this analysis have admitted this type of analysis is complicated because it is difficult to know who is searching and why. In the Government of Canada’s News Release on April 26, 2009, a short privacy policy was cited stating that although Service Canada does not normally use cookies, if you have cookie notifications set on your browser, you would be notified. However, earlier this month, the same site indicated that the Pandemic Influenza Portal did not normally use cookies to track visitors to the site and that the system would notify you before any cookies were used so you could refuse them with no reference to what your computer settings were.
This change is a minor one but it may possibly be an indication of the small bits of privacy that Canadians will be expected to give up during these times of concern.
Leave a Comment » | Government, Health Crisis, Internet, Privacy, Security | Tagged: Cookies, Flu, Google, Government, Health, Internet, Pandemic, Privacy | Permalink
Posted by Brian Bowman
The Government of Canada announced today the introduction of anti-spam legislation called the Electronic Commerce Protection Act (“ECPA”) that “aims to boost confidence in online commerce by protecting the privacy and personal security concerns that are associated with spam, counterfeit websites and spyware.”
According to the government’s News Release, the ECPA would allow businesses and individuals to initiate civil actions against anyone who violates the law. The ECPA deals with unsolicited text messages, or “cellphone spam”, as a form of “unsolicited commercial electronic message”.
It would establish a regulatory enforcement regime that would enable the CRTC to impose penalties of up to $1 million for individuals and $10 million in all other cases. The Competition Bureau would use a penalty regime already provided for in the Competition Act, and the federal Privacy Commissioner‘s powers to cooperate and exchange information with her counterparts would be expanded in respect of the Personal Information Protection and Electronic Documents Act.
The ECPA is nearly 70 pages long. Stay tuned to this blog. As soon as I’ve been able to digest the content I’ll post again on how the ECPA is likely going to affect Canadian businesses, especially those enaged in online marketing.
2 Comments | Government, Identity Theft, Internet, Marketing, Online Shopping, PIPEDA, Privacy, Spam | Tagged: Businesses, Customers, Identity Theft, Information Technology, Internet, Marketing, PIPEDA, Privacy, Privacy Commissioner, Privacy Compliance, Spam | Permalink
Posted by Brian Bowman
British Columbia’s Supreme Court has awarded a record-setting judgment of over $1 million to a B.C. businessman for invasion of privacy as reported by Canwest News Service.
In 2005, Hal Neumann’s home was searched by the Canada Revenue Agency, who were looking for records and documents he’d already given to the government. The CRA is studying the decision to determine if they will appeal.
This judgement is significant because it demonstrates that Canadian courts are now willing to award substantial damages for an invasion of privacy. Public bodies or private sector organizations in Canada that think privacy rights don’t have teeth should reconsider after seeing this groundbreaking decision.
1 Comment | Government, Privacy | Tagged: Businesses, Case law, CRA, Government, Privacy | Permalink
Posted by Brian Bowman
Canada, U.S. laws on privacy complex
My September 3, 2008 column in the Winnipeg Free Press reports on the findings of the Privacy Commissioner of Canada regarding canada.com’s outsourcing to a U.S. based service provider. The finding highlights the complexities of Canadian and U.S. laws as they relate to the personal information of customers and reminds Canadian businesses of the need to have legal agreements with third party service providers, especially those located in the U.S.
Leave a Comment » | Due Diligence, Government, Privacy, Safekeeping | Tagged: Customers, Due Diligence, E-mail, Outsourcing, PIPEDA, Privacy, Safeguarding, U.S. Patriot Act | Permalink
Posted by Brian Bowman
Recording telephone calls could be a risky business
My April 2, 2008 column in the Winnipeg Free Press discusses the privacy implications resulting from recording telephone calls, and why it is important to let your customers know if you are recording their calls to you.
Leave a Comment » | Government, PIPEDA, Privacy | Tagged: Businesses, Customers, PIPEDA, Privacy, Privacy Compliance, Recording, Rights | Permalink
Posted by Brian Bowman
My December 5, 2007 column in the Winnipeg Free Press discusses the role of the Manitoba Ombudsman, and the need for a separate privacy commissioner.
Leave a Comment » | Government, Privacy | Tagged: FIPPA, Manitoba, Ombudsman, PHIA, Privacy, Privacy Commissioner | Permalink
Posted by Brian Bowman
You are currently browsing the archives for the Government category.
Ombudsman vital to public’s rights, but Doer forgets his 1999 promise to appoint a privacy commissioner
