Has one of your organization’s employees lost their iPhone or BlackBerry recently? How about misplaced a file? If those devices or files contain personal information, you may have suffered a privacy breach. To learn more about how to deal with a privacy breach, please watch this short video – click here.
Privacy Breaches: Obligations and Pending Changes to PIPEDA (Video)
March 23, 2012
What’s at stake with Bill C-30 (lawful access)?
March 1, 2012
I was pleased to join CBC Manitoba’s Marcy Markusa last week for a panel debate about the proposed online surveillance Bill during Information Radio’s morning broadcast. Click here to listen to the debate (audio clip – 11:29 in length).
More to follow on this important Bill.
Is there such a thing as a “good” records retention service provider?
March 17, 2011
Of course, the answer is yes. But who’s the best service provider in Canada?
You see, Canada’s private-sector privacy legislation (PIPEDA) requires organizations to retain personal information only “as long as necessary”, regardless of the format in which such information is held. So emails and paper records alike should only be retained as long as necessary.
I know that many organizations across Canada are struggling to develop business-friendly retention schedules that comply with the law. In some cases, these businesses are outsourcing their efforts. Do you work with such a company? Does your company offer these services? If so, I know that readers of this blog would welcome any positive recommendations. Feel free to post a “Comment” below with your thoughts.
What is device fingerprinting, or machine ID?
November 4, 2010
Some online banks, e-commerce merchants and Internet-based market research firms are turning to a new technology called device fingerprinting (or machine ID as it’s often called) for online verification and fraud detection. Unlike cookies, however, which can be blocked, filtered and deleted, device fingerprinting is invisible to consumers. For website owners that use the technology, adequate disclosures, consent and safeguards are required, at minimum, to comply with privacy laws.
In fact, device fingerprinting works so well that many businesses that use it might not even be aware that they’re doing so. Is your organization using the technology? If so, it’s vital that your organization’s use of device fingerprinting complies with applicable privacy laws.
To learn more about device fingerprinting, click here to view a presentation that I recently delivered alongside Steven Johnston (Senior Security and Technology Advisor, Office of the Privacy Commissioner of Canada) and David Stark (CIPP, Vice President, Compliance and Privacy Officer, GFK Group) to the International Association of Privacy Professionals in Baltimore, Maryland. As you’ll see, the presentation includes an overview of device fingerprinting, identifies relevant privacy law issues (my contribution to the presentation), presents the OPC’s perspective and provides practical examples.
Thanks to the IAPP for the opportunity to present and compliments to Steven Johnston and David Stark for excellent remarks.
PIPEDA amendments getting closer to reality
November 2, 2010
Bill C-29, An Act to Amend the Personal Information Protection and Electronic Documents Act, went through second reading in the House of Commons last week. This brings it one step closer to becoming law.
Anticipated amendments to PIPEDA include:
- a mandatory breach notification regime that would require organizations to promptly notify affected individuals and to report major data breaches to the Privacy Commissioner of Canada;
- amendments to account for the unique circumstances regarding consent in employer/employee relationships; and
- modifications to allow organizations to collect, use and disclose personal information as necessary for the conduct of business transactions, such as mergers and acquisitions.
Stay tuned…
Another day, another privacy breach…
October 6, 2010
CBC News is reporting that “[g]arbage bags filled with confidential financial information were found blowing around in a [Winnipeg] North End back lane Tuesday, and people living in the area say they’re furious because of it. The bags contain tax return documents that include people’s names, social insurance numbers and in many cases, addresses and other sensitive financial information.”
This and other similar news stories should serve as a reminder that PIPEDA requires organizations to exercise care in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information (for example, don’t dispose of sensitive tax information records in a back lane). Other provincial laws, such as Alberta’s PIPA and B.C.’s PIPA, have similar requirements. Disposal or destruction policies and procedures should focus on physical, organizational and technological measures.
Privacy Commissioner tables Annual Report on PIPEDA
June 8, 2010
Earlier today, Canada’s Privacy Commissioner, Jennifer Stoddart, submitted to Parliament the OPC’s Annual Report on PIPEDA for the period from January 1 to December 31, 2009.
As the Commissioner notes, “the dominant theme of [the OPC's] work in 2009 was the protection of privacy in an increasingly online, borderless world. A case in point was the investigation that resulted in more public attention than any other in [the OPC's] history: Facebook.” The Commissioner notes two key issues, namely, Data without borders and Risks remaining in the wake of mortgage broker breaches.
Feds introduce amendments to PIPEDA, re-introduce Anti-Spam Bill
May 25, 2010
The federal government introduced legislation today to amend PIPEDA and re-introduce the Anti-Spam Bill. I’ve previously posted here regarding the anticipated changes to PIPEDA and here about the Anti-Spam Bill.
From today’s news release:
The Honourable Tony Clement, Minister of Industry, and the Honourable Denis Lebel, Minister of State (Economic Development Agency of Canada for the Regions of Quebec), today announced two steps that the Government of Canada is taking to enhance the safety and security of the online marketplace. Together, the tabling of amendments to the legislation protecting the personal information of Canadians (Personal Information Protection and Electronic Documents Act, or PIPEDA) and the reintroduction of anti-spam legislation in the House of Commons (the proposed Fighting Internet and Wireless Spam Act, or FISA) are important steps towards positioning Canada as a leader in the digital economy.
Here’s the full Industry Canada news release.
(Hat tip to David Fraser’s Canadian Privacy Law Blog)
NDP dragging its heels on our privacy
February 5, 2010
It’s safe to say that the Alberta provincial government is regarded as being right wing. But Manitoba’s? Not at all. So why then is Alberta light years ahead of Manitoba at protecting workers’ privacy?
The above link takes you to the Winnipeg Sun. I’m delighted to have been asked by Sun Media Corp. to provide Comment columns like today’s on a monthly basis. I hope you find them of interest!
Posted by Brian Bowman 
