Controversial privacy law changes take hold

May 17, 2010

Amendments to Manitoba’s patient privacy law are now in effect. The controversial changes to The Personal Health Information Act went largely unnoticed in the province, but will have big implications for Manitobans and the fundraising foundations that many hospitals, personal care homes or other designated health care facilities rely upon to support innovation in health research and patient care. What were these amendments and why are they controversial?



Should you say “no” to the police?

April 7, 2010

Imagine this scenario… The police show up at your office and demand access to records relating to one of your customers. You want to help the police (as you should), but are concerned about violating your customer’s privacy rights. What should you do?

Well, the first thing you should do is ask the police for written documentation relating to their request. You should also immediately contact a lawyer with appropriate expertise because this type of scenario can be a legal minefield. For example, are you actually dealing with the police or some bold scam artist? Do the police have the legal authority to demand the requested information? Should they have a warrant?

Presuming that you end up providing the records to the police, you’ll need to ensure that you’re not providing too much information. If the records of your customer are co-mingled with another individual, you’ll need to consider whether you can legally provide the police with access to the other person’s information. Are you then barred from telling the customer that the police were at your office? What sort of internal records should you keep to document that the police accessed your files? How long do you need to keep those internal records?

It’s never fun to say “no” to the police. They are, after all, typically armed. But hopefully the police will make it easy for you to satisfy yourself, and your lawyer, that working cooperatively with them won’t violate your customer’s privacy or unnecessarily expose your business to liability.


Monitoring employee e-mail: A privacy primer

January 4, 2010

Since e-mail has become the dominant form of business correspondence, employers have been increasingly forced to deal with issues related to e-mail use, monitoring and access. It’s crucial that organizations stay on top of the legal landscape as it relates to e-mail monitoring, especially as it relates to privacy issues.

Unfortunately, privacy law does not offer black and white answers to the legal issues raised by e-mail monitoring practices. Instead, and like most other privacy law issues, the standard of “reasonableness” rules the day.

I recently penned an article on point (link below) with my colleague Andrew Buck (who is currently completing his Articles at Pitblado LLP) for the Canadian Bar Association’s National Privacy & Access Law section newsletter, Privacy Pages. Our article examines some of the case law and commentary that has arisen from e-mail monitoring with a view towards setting out practical solutions for the creation of “reasonable” e-mail monitoring practices. If you’re interested in reading the full article, please click on the link below.

Monitoring employee e-mail: a privacy primer


Privacy vs. security in the Internet age

October 19, 2009

The Federal Government’s recent initiative to modernize law enforcement related legislation for the Internet age has (at least within law enforcement and privacy circles) once again propelled the issue of privacy vs. security to the forefront. The issues are incredibly important for Canadians, yet there has been little debate within the wider public. That being said, I’m pleased to read Ian MacLeod’s recent Ottawa Citizen article, which (even if you don’t agree with some of the points) does a good job of raising the issues in plain language. For a more technical analysis of the legal issues, you may want to read fellow blogger David Fraser’s post regarding the debate about warrantless access to ISP customer information.

The debate surrounding the “lawful access” legislation stems from real challenges affecting Canada’s law enforcement agencies and their need for access to personal information in the course of investigations. What is concerning, however, is the prospect of warrantless searches without judicial oversight. As a citizen in a free and democratic society, it troubles me to see any legislative initiative that could lead to investigations without appropriate checks and balances. Privacy and security don’t need to be mutually exclusive. Let’s hope that through the upcoming Parliamentary Hearings on the “lawful access” legislation we see a balance emerge between privacy and security in such a way that empowers law enforcement agencies while preserving the judicial oversight that Canadians have come to rightfully expect in our society.


Summer is over but “phishing” continues

October 6, 2009

BBC News is reporting that thousands of Hotmail accounts have been compromised in a phishing attack, which has reportedly affected at least 10,000 individuals.

Phishing involves identity thieves attempting to obtain personal information, such as user names, passwords and financial information, by pretending to be trustworthy organizations in need of such data.

Coincidentally, the Privacy Commissioner of Canada released her annual report today, which stresses the importance of making informed choices when sharing personal information online. The Privacy Commissioner reminds Canadians that there is a risk that unguarded personal information could be exploited by identity thieves. The Hotmail phishing attack, as well as the Privacy Commissioner’s annual report, should also remind businesses to remain vigilant in protecting their brands – or online reputations – from being damaged by identity thieves that use phishing attacks to exploit the well-earned trust that such businesses have built with their customers.


Debate rages over anonymous blogs: The Lawyers Weekly

September 29, 2009

The Lawyers Weekly is running a story that focuses on one of the most cutting edge and rapidly emerging areas of law – online reputation management. Here are some excerpts from the story, which profiles an ongoing client matter:

“On the heels of a recent New York state court decision that ordered Google Inc. to reveal the identity of an anonymous blogger in a defamation suit, a Winnipeg business lawyer has asked the California-based online search engine giant to do the same and out a blogger on behalf of an Ottawa-area resident. Brian Bowman, a partner with Pitblado LLP in Winnipeg who specializes in privacy, access to information, online reputation management, intellectual property and technology matters, says that his client was defamed on a site appearing on Google-operated blogspot.com (also known as Blogger.com).”

“The New York court decision and the Canadian case raise “one of the fundamental legal questions of our time over the appropriate balance between legitimate, anonymous Internet speech versus the right for people to protect their reputations,” says Bowman, who expects more of these situations will emerge in the near future.”

Read the full story here.


Palm Pre phone secretly used GPS to report user’s location to company: Los Angeles Times

August 17, 2009

The Los Angeles Times is reporting that the Palm Pre phone secretly uses GPS to report users’ locations to the company.

It is an interesting story because it illustrates the importance of having clear and understandable privacy policies that customers can understand. It is also an interesting story because it (once again) demonstrates the attention that the media place on privacy matters and the potentially explosive reaction that customers can have if they feel their privacy isn’t being respected.


Facebook criticized by Canada’s Privacy Commissioner: Canadian businesses can learn from high profile investigation

July 16, 2009

The Office of the Privacy Commissioner of Canada (the “OPC”) has just released an in-depth investigation report into a wide-ranging PIPEDA complaint by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) about the privacy practices of Facebook. There is extensive domestic and international media coverage on this today, including a story just posted by New York-based Bloomberg News, which includes commentary by yours truly.

While the OPC’s Facebook investigation should be a “must read” for all Facebook users, it also provides some insightful information for Canadian organizations regulated by PIPEDA. The lessons that can be learned from the investigation can be applied by Canadian businesses regardless of whether their activities are online or offline.

Despite the fact that “[i]t’s clear that privacy issues are top of mind for Facebook…” federal Privacy Commissioner Jennifer Stoddart says that the OPC has found “serious privacy gaps in the way the site operates”. According to Stoddart, in order to comply with Canadian privacy law, Facebook must take greater responsibility for the personal information in its care. An overarching concern of the OPC was that, although Facebook provides information about its privacy practices, it is often confusing or incomplete. For example, the “account settings” page describes how to deactivate accounts, but not how to delete them, which is what actually removes personal data from Facebook’s servers. The OPC recommends more transparency, to ensure that the social networking site’s nearly 12 million Canadian users have the information they need to make meaningful decisions about how widely they share personal information.

The investigation also raised significant concerns around the sharing of users’ personal information with third-party developers creating Facebook applications such as games and quizzes. (There are more than 950,000 developers in some 180 countries.) Facebook lacks adequate safeguards to effectively restrict these outside developers from accessing profile information, the investigation found. The report recommended a number of changes, including technological measures to ensure that developers can only access the user information actually required to run a specific application, and also to prevent the disclosure of personal information of any of the user’s friends who are not themselves signing up for an application.

The investigation also found that Facebook has a policy of indefinitely keeping the personal information of people who have deactivated their accounts, which is a violation of PIPEDA. The law requires organizations to retain personal information only for as long as is necessary to meet appropriate purposes. Recommendations to Facebook included the adoption of a retention policy whereby personal information in deactivated accounts is deleted after a reasonable length of time.

Click here to read the OPC’s News Release, here for the full investigation report and here to read a helpful backgrounder.  If you’d like to read more about Facebook, please click on the Facebook link under this blog’s Tags (below).


Portable Storage Devices (PSDs): Lessons learned from Australia and New Zealand

July 13, 2009

The Australian and New Zealand Privacy Commissioners recently released studies examining the use of Portable Storage Devices (PSDs) by their governmental agencies. The aim was to examine the risks to personal information posed by the use of PSDs. PSDs are small, convenient devices capable of storing large amounts of information; they include laptops, cell phones, USB drives, portable hard drives and iPods.

The studies found that government agencies often keep track of the PSDs they issue but seldom audit those devices. Policies regulating proper usage are often developed, but rarely enforced. Hardware controls (e.g. sealing off ports and disabling cables) are used less frequently than software controls (e.g. blocking access to certain databases, or monitoring access and the information downloaded).

The majority of agencies (like most private sector businesses in Canada) also allow the use of private PSDs for work (e.g. a cell phone used for both personal and business purposes). The studies found that policies regarding the use of private PSDs were less common and much less enforceable than policies for agency-issued PSDs. Even though these studies only analyzed governmental use, the New Zealand Privacy Commissioner stated that she believed the findings were equally applicable to private sector businesses.

As I’ve commented in previous posts, there are privacy risks associated with the use of PSDs. First of all, there have been numerous incidents of stolen laptops and other PSDs that contained personal information. Secondly, devices such as USB drives are easy to lose. Thirdly, disgruntled employees can easily use PSDs to steal personal information and other confidential corporate information from employers. For example, an employee can plug in a device, click a button and copy a company’s entire database in a matter of minutes. This bulk copying to a portable device is called “pod-slurping”, and it is an especially serious threat given that many government agencies and private companies do not have the software capability to track when data has been copied to a PSD.

In order to avoid a privacy breach and resulting damage to your business, consider implementing some of the suggestions contained in a 2006 investigation by the Alberta Privacy Commissioner (which I would add should, of course, be implemented in accordance with your organization’s privacy policy and applicable law):

  1. Develop policies on the proper usage of PSDs (whether company-issued or private) and train employees on those policies. Include detailed instructions about the retention and deletion of personal information;
  2. Limit the amount of personal information that is stored on PSDs;
  3. Use encryption on all PSDs that store personal information. Password protection alone is not sufficient: a password prompt only guards the device’s interface, the data underneath is still stored in the clear and can be read by removing the drive or bypassing the prompt, and free tools available on the Internet can crack weak passwords;
  4. Monitor the use of PSDs through software (e.g. install software that records which data is copied from a database onto a PSD, and which device it went to);
  5. Instead of using PSDs, implement technologies that allow employees to access the database over a secure network connection, so that the data never leaves the server;
  6. With respect to laptop thefts, consider installing tracking software that can trace the location of a lost laptop. Also consider a remote wipe or “kill switch” so that the data is erased if someone attempts unauthorized access; and
  7. Stress to employees the need to use appropriate safeguards at all times, even when working from home.
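
As an added illustration of the kind of monitoring item 4 and the “keep track but seldom audit” finding describe (this is example code written for this page, not software from the Australian, New Zealand or Alberta reports): the script below folds Linux kernel log lines for USB attach events into one record per device, then checks every mass-storage device against an inventory of company-issued sticks. The log lines are constructed for the example in the kernel’s usual message format; the ISSUED_DEVICES inventory, the host name and the serial numbers are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample of Linux kernel messages (syslog format) for three USB attach events on one
# workstation; host name, timestamps and serial numbers are made up for the example.
SAMPLE_LOG = """\
Jul 13 09:14:02 ws-042 kernel: usb 1-3: new high-speed USB device number 7 using xhci_hcd
Jul 13 09:14:02 ws-042 kernel: usb 1-3: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
Jul 13 09:14:02 ws-042 kernel: usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Jul 13 09:14:02 ws-042 kernel: usb 1-3: Product: Ultra Fit
Jul 13 09:14:02 ws-042 kernel: usb 1-3: Manufacturer: SanDisk
Jul 13 09:14:02 ws-042 kernel: usb 1-3: SerialNumber: 4C530001230805100424
Jul 13 09:14:02 ws-042 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
Jul 13 09:14:03 ws-042 kernel: sd 6:0:0:0: [sdb] Attached SCSI removable disk
Jul 13 09:20:41 ws-042 kernel: usb 1-4: new full-speed USB device number 8 using xhci_hcd
Jul 13 09:20:41 ws-042 kernel: usb 1-4: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.10
Jul 13 09:20:41 ws-042 kernel: usb 1-4: Product: USB Receiver
Jul 13 09:20:41 ws-042 kernel: usb 1-4: Manufacturer: Logitech
Jul 13 11:02:17 ws-042 kernel: usb 1-3: USB disconnect, device number 7
Jul 13 11:05:55 ws-042 kernel: usb 1-3: new high-speed USB device number 9 using xhci_hcd
Jul 13 11:05:55 ws-042 kernel: usb 1-3: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
Jul 13 11:05:55 ws-042 kernel: usb 1-3: SerialNumber: 0019E06B1C34F3A1B0F2
Jul 13 11:05:55 ws-042 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# Hypothetical inventory of company-issued PSDs, keyed by USB serial number.
ISSUED_DEVICES: Dict[str, str] = {
    "4C530001230805100424": "asset PSD-0042, hardware-encrypted, issued to J. Smith",
}

TS = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) ")
NEW_DEV = re.compile(r"kernel: usb (?P<port>[\d.-]+): new .*device number (?P<num>\d+)")
IDS = re.compile(r"kernel: usb (?P<port>[\d.-]+): New USB device found, "
                 r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
ATTR = re.compile(r"kernel: usb (?P<port>[\d.-]+): (?P<key>Product|Manufacturer|SerialNumber): (?P<val>.+)$")
STORAGE = re.compile(r"kernel: usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")


@dataclass
class UsbDevice:
    host: str
    port: str
    number: str
    first_seen: str
    vid: str = ""
    pid: str = ""
    attrs: Dict[str, str] = field(default_factory=dict)
    mass_storage: bool = False


@dataclass
class Finding:
    ts: str
    host: str
    port: str
    vid: str
    pid: str
    serial: str
    status: str   # "issued" or "unregistered"


def parse_usb_events(lines: List[str]) -> List[UsbDevice]:
    """Fold the per-line kernel messages into one record per attached device.
    A 'new ... device number N' line starts a fresh record for that port: the same port path
    (1-3 here) is reused after a disconnect, so keying by port alone would merge two sticks."""
    devices: List[UsbDevice] = []
    current: Dict[str, UsbDevice] = {}   # most recent device on each port path
    for line in lines:
        ts = TS.match(line)
        host, when = (ts["host"], ts["ts"]) if ts else ("?", "?")
        if m := NEW_DEV.search(line):
            dev = UsbDevice(host, m["port"], m["num"], when)
            devices.append(dev)
            current[m["port"]] = dev
        elif m := IDS.search(line):
            if dev := current.get(m["port"]):
                dev.vid, dev.pid = m["vid"], m["pid"]
        elif m := ATTR.search(line):
            if dev := current.get(m["port"]):
                dev.attrs[m["key"]] = m["val"].strip()
        elif m := STORAGE.search(line):
            if dev := current.get(m["port"]):
                dev.mass_storage = True
    return devices


def audit(devices: List[UsbDevice], issued: Dict[str, str]) -> List[Finding]:
    """Report every mass-storage attach; flag those whose serial is not in the issued inventory."""
    findings = []
    for d in devices:
        if not d.mass_storage:
            continue   # mice, keyboards, receivers: no storage, so no pod-slurping path here
        serial = d.attrs.get("SerialNumber", "")
        status = "issued" if serial and serial in issued else "unregistered"
        findings.append(Finding(d.first_seen, d.host, d.port, d.vid, d.pid, serial, status))
    return findings


if __name__ == "__main__":
    for f in audit(parse_usb_events(SAMPLE_LOG.splitlines()), ISSUED_DEVICES):
        print(f"{f.ts} {f.host} usb {f.port} {f.vid}:{f.pid} serial={f.serial or '(none)'} -> {f.status}")
```

Two points the list above only hints at: the port path is reused after a disconnect, so records must be keyed by the device number as well as the port or two different sticks collapse into one; and a device that is not mass storage (the receiver on port 1-4) should not raise an alert, or the real alerts drown in noise. Shipping the kernel log from each endpoint to a central collector is left to your own tooling; note also that this audit tells you that an unregistered device was attached, not what was copied to it, which is exactly the gap item 4 is about.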

Manitoba Ombudsman’s 2008 Annual Report Released

June 25, 2009

The Manitoba Ombudsman‘s Office recently released its annual report outlining the activities of its Access and Privacy Division in 2008. Here are some highlights…

Of the 198 new access complaints that were filed, 134 (68%) dealt with “refused access”. This indicates that the provincial government and public bodies either have to be more willing to grant access when requested or do a better job of explaining their rationale for refusing it. Of the 207 cases that were closed in 2008, 38% of the complaints were supported by the Ombudsman, 35% were not supported and 5% were resolved before the Ombudsman could issue a finding. In other words, a good share of the complaints brought to the Ombudsman have merit, and the public appears to have a relatively good understanding of its rights under FIPPA and PHIA.

The Ombudsman has also been proactively involved in the development stages of legislation and programs in order to address potential privacy issues. For example, the Ombudsman expressed concerns about the technology used in Manitoba’s Enhanced Driver’s Licence and Enhanced Identification Card (EDL/EIC) program. The information on these cards is stored on a Radio Frequency Identification (RFID) chip, and the chip is always “on”: it answers any reader within range, so it can be read by unauthorized individuals without the cardholder noticing. This concern is being addressed by providing the cardholder with a shielding sleeve. However, the sleeve only protects the card while the card is inside it, and if the sleeve is ripped, torn or used improperly it will not provide the necessary protection. The Ombudsman has therefore stressed that it is essential that individuals understand the privacy implications before opting into the program.

The Ombudsman has also been involved in assessing the use of closed-circuit television monitoring by the Winnipeg Police, who have agreed to follow the Ombudsman’s recommendations: they will not live-monitor the cameras, and will work towards developing retention policies and technology to “sever” individuals who are not relevant from the recorded images.

Overall, the Ombudsman largely applauds public bodies and government agencies for addressing privacy concerns in the development phases of new programs and legislation. However, it is clear that public bodies need to do a better job of dealing with access requests.


Social networking websites and employer-employee relationships

June 2, 2009

As I’ve previously discussed, social networking websites such as MySpace and Facebook are provoking new questions about the appropriate boundaries in employee-employer relationships. This is evident in a United States federal court case coming to a head in New Jersey. The case pertains to the conduct of a manager who logged into a private social networking website and observed employees disparaging company supervisors and customers. Those same employees were later dismissed. The case exemplifies a rapidly expanding “grey area” between an employee’s work life and personal social life. It begs the question: at what point does a “private” comment to a friend made outside of the office constitute defamation, and at what point are such comments simply banter between individuals? Of course, the answer is that it all depends on the facts.

For an interesting discussion on the matter, check out Myrth on a Blog, a personal journal of law, technology and social media.


One small step…

March 24, 2009

In terms of privacy, as with many other things, each step forward seems to come with a catch that makes the step forward a little smaller than one would hope. Google, in response to demands from privacy advocates and users, has taken a progressive step forward and created a means for Google users to opt out of its targeted advertising: a user can visit Google Ad Preferences to change settings or to opt out completely.

At the same time, Google has announced plans to launch a new type of targeted advertising. Under this model, when an Internet user visits a webpage carrying Google AdSense ads, Google stores a cookie on the user’s computer and uses it to remember the user’s interests from their previous browsing. The example used by Google is that if you have shown an interest in gardening, you may be shown gardening ads alongside those related to the site you are visiting.

While Google’s addition of its Ad Preferences program is encouraging for privacy advocates, it comes in the wake of an entirely new and, according to privacy advocates, more invasive means of targeting ads at users. As part of this new initiative, Google has asked all Google AdSense publishers to update their privacy policies to notify visitors to their sites that interest-based advertising will be displayed.

The Privacy Commissioner once noted that although PIPEDA (and other privacy legislation) imposes obligations on organizations to take appropriate measures in protecting personal information, sometimes the more important role of privacy legislation is to help people shape their view of privacy.

By revising their privacy policies, businesses will be taking steps to comply with applicable privacy laws; but whether these steps are enough to address the expectations of their customers regarding privacy is a matter best considered by each business. In the meantime, if a business using AdSense has any questions about this change or requires any assistance in updating its privacy policy, I would encourage you to contact me to discuss.


Escrow as a new tool for privacy

March 23, 2009

Bell Canada recently announced that it would acquire The Source, a national electronics dealer. Bell has indicated that it will be acquiring substantially all of the assets of The Source.

I don’t know what those assets will be, but I think it is an interesting example of the fact that even in recessions we still see acquisitions of companies. When an organization’s assets are bought, one of the most valuable assets purchased is often its customer list.

PIPEDA and other applicable privacy laws, of course, govern transactions involving personal information. In the course of such transactions some companies are now implementing concepts once used only to secure physical assets. For example, many organizations are choosing to employ “escrow” arrangements to ensure the security of personal information.

Most businesses now understand that the implications of violating applicable privacy laws can be very serious to the reputation and bottom line of both the vendor and the purchaser. As part of a sale of a customer list, and depending on the specific circumstances, both parties may agree that the customer list be placed in escrow with a neutral third party until the transaction is completed. This ensures that what is likely the most valuable asset in the transaction, the customer list, is protected from unintended disclosure prior to the actual transfer of the business.


Businesses don’t have privacy rights

March 9, 2009

If you’re a privacy professional you will know that Canada’s privacy laws are in place to protect the privacy rights of individuals, not businesses.

Despite this, and despite the fact that Canada’s federal privacy law, PIPEDA, has been in force since 2001, it’s surprising how many people are confused on this point.

For instance, I recently had a client make an information request to an organization for access to corporate information. When the organization responded, they denied access to the requested information and claimed that PIPEDA required that they do so in order to protect the privacy interests of a business.

There may be circumstances where organizations have other legitimate reasons for denying access to certain information. There may also be circumstances where privacy laws such as PIPEDA should be cited in denying access to certain business records where releasing the information could unlawfully disclose the personal information of another individual. Organizations should not, however, cite Canada’s privacy laws as a justification to deny access to information requests on account of the privacy rights of a business.

If you encounter this scenario you may be dealing with someone who either doesn’t understand privacy laws or who is perhaps being disingenuous. After all, the general thrust of Canada’s privacy laws is to encourage organizations to create a culture of privacy in order to protect the privacy of individuals whose personal information is collected, used, retained or disclosed by such organizations.


To release or not to release: The Brian Sinclair tragedy

February 12, 2009

If you’re from Winnipeg, you’re well aware of the terrible tragedy of Brian Sinclair, who passed away in the emergency department of the Health Sciences Centre after waiting to see a doctor for 34 hours. Manitoba’s NDP government and the Winnipeg Regional Health Authority (WRHA) have been dealing with the political and legal consequences since Mr. Sinclair’s death last fall.

I was asked yesterday to provide comment to the Winnipeg Sun on the validity of the government’s recent claim that it could not release the first administrative review into the tragedy because of privacy concerns. The story serves as a reminder to government bodies and businesses of the challenges (and need for expert legal counsel) when dealing with access to information and related privacy matters.

A separate story reported at TechCrunch demonstrates the risks of releasing redacted documents to the public. Canadian privacy laws typically require organizations to black out, or redact, the portions of documents that contain someone else’s personal information unless that person consents to its disclosure. It’s a time-consuming but important step that organizations need to take before disclosing documents under access to information legislation. But, as this story points out, organizations need to be very careful about how they redact: the test is whether the underlying information has actually been removed from the file being released, not merely covered up on the printed page.
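
As an added example (written for this page; it is not taken from the linked story or from any particular product): a common way redaction fails is that a black box is drawn over the text in a PDF while the text itself stays in the file, so anyone can copy it out or search for it. The script below builds a small one-page PDF in memory around a constructed sample record, redacts it both ways, and runs the check an organization should run before release: read the text back out of every content stream, decoding compressed streams first, and confirm the pattern is gone. The applicant name and number are invented; the PDF structure is the minimum the format requires.

```python
import re
import zlib
from typing import List

# Constructed sample page content (PDF content-stream operators); the name and number are invented.
SAMPLE_CONTENT = (
    b"BT /F1 12 Tf 72 720 Td (Applicant: Jane Doe) Tj ET\n"
    b"BT /F1 12 Tf 72 700 Td (SIN: 123-456-789) Tj ET\n"
)
SECRET = b"123-456-789"
SIN_PATTERN = r"\d{3}-\d{3}-\d{3}"
BLACK_BOX = b"0 g 70 696 130 16 re f\n"   # black fill colour, rectangle over the SIN line (y=700)


def make_pdf(content: bytes, compress: bool = False) -> bytes:
    """Wrap a content stream in a minimal one-page PDF with a correct xref table.
    With compress=True the stream is deflated, as most real PDF writers do."""
    data = zlib.compress(content) if compress else content
    filt = b" /Filter /FlateDecode" if compress else b""
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Resources << /Font << /F1 5 0 R >> >> /Contents 4 0 R >>",
        b"<< /Length %d%s >>\nstream\n%s\nendstream" % (len(data), filt, data),
        b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref)
    return bytes(out)


def redact_by_overlay(content: bytes) -> bytes:
    """The failure mode: paint a black box over the line but leave the text operators in place."""
    return content + BLACK_BOX


def redact_by_removal(content: bytes, secret: bytes) -> bytes:
    """Remove the sensitive text from the content itself, then draw the box for the reader."""
    return content.replace(secret, b"[REDACTED]") + BLACK_BOX


_OBJ_RE = re.compile(rb"\d+ 0 obj\s*(.*?)\s*endobj", re.DOTALL)
_STREAM_START_RE = re.compile(rb"stream\r?\n")
_LENGTH_RE = re.compile(rb"/Length (\d+)")
_LITERAL_RE = re.compile(rb"\(([^()]*)\)")   # literal strings; nested or escaped parens not handled


def drawn_text(pdf: bytes) -> List[str]:
    """Text still present in the file's content streams, decoding FlateDecode streams first.
    The literals of each stream are also joined, so a value split across several Tj runs is caught."""
    runs = []
    for body in _OBJ_RE.findall(pdf):
        start = _STREAM_START_RE.search(body)
        if not start:
            continue
        header = body[: start.start()]
        length = int(_LENGTH_RE.search(header).group(1))   # use the declared length, not delimiter guessing
        data = body[start.end(): start.end() + length]
        if b"/FlateDecode" in header:
            data = zlib.decompress(data)
        literals = [s.decode("latin-1") for s in _LITERAL_RE.findall(data)]
        runs.extend(literals)
        runs.append("".join(literals))
    return runs


def still_leaks(pdf: bytes, pattern: str) -> bool:
    """Release check: does any text run in the file still match the pattern?"""
    return any(re.search(pattern, run) for run in drawn_text(pdf))


def naive_grep(pdf: bytes, secret: bytes) -> bool:
    """A raw byte search on the file; it misses text inside compressed streams."""
    return secret in pdf


if __name__ == "__main__":
    for label, content in [("overlay", redact_by_overlay(SAMPLE_CONTENT)),
                           ("removal", redact_by_removal(SAMPLE_CONTENT, SECRET))]:
        for compress in (False, True):
            pdf = make_pdf(content, compress)
            print(f"{label:8} compressed={compress!s:5} grep={naive_grep(pdf, SECRET)!s:5} "
                  f"leaks={still_leaks(pdf, SIN_PATTERN)}")
```

The compressed overlay case is the one to notice: a plain byte search for the number reports nothing because the stream is deflated, yet the number is still there once the stream is decoded, and any PDF viewer will happily select it from under the box. A release check therefore has to decode the document the way a reader would, not grep the file. This example only handles literal strings in content streams; a real document also carries text in TJ arrays with custom font encodings, in scanned page images, in annotations, form fields and metadata, so the same question (is the data gone, or just hidden?) has to be asked of each.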


Privacy chief important role

February 11, 2009

Privacy chief important role in modern firm

My August 18, 2008 column in the Winnipeg Free Press provides a definition of the position of Chief Privacy Officer (CPO) as well as some tips to help determine the scope of the role in particular firms.


Privacy law update good

February 10, 2009

Privacy law update good: Job needs full-time commissioner

My May 7, 2008 column in the Winnipeg Free Press explains the difference between Manitoba’s Information and Privacy Adjudicator and a privacy commissioner, as appointed in almost every other province and at the federal level.


Get your company’s Privacy Policy in order

February 10, 2009

Get your company’s privacy policy in order: Potential purchasers will need to know

My March 5, 2008 column in the Winnipeg Free Press discusses some of the problems that can occur when trying to sell a business, if you haven’t put privacy policies in place.


Businesses face challenge

February 9, 2009

Businesses face challenge in winning people’s trust

My November 7, 2007 column in the Winnipeg Free Press discusses the Privacy Commissioner of Canada’s annual report and what it means to private sector businesses.


Privacy ultimately your responsibility

February 9, 2009

Privacy ultimately your responsibility

My October 3, 2007 column in the Winnipeg Free Press emphasizes the importance of protecting your personal information by not handing it over to strangers, among other strategies.


Privacy resolutions for 2008

February 9, 2009

Privacy resolutions for 2008

My January 2, 2008 column in the Winnipeg Free Press makes some suggestions for businesses to improve their privacy efforts before legislation forces them to make them.


Businesses must take steps to prevent ID theft

February 6, 2009

Businesses must take steps to prevent I.D. theft

My July 4, 2007 column in the Winnipeg Free Press points out the fine-tuning to PIPEDA and what businesses will have to do to remain compliant.


Province failing on privacy issues

February 6, 2009

Province failing on privacy issues; citizens deserve better protection

My May 2, 2007 column in the Winnipeg Free Press poses a challenge to the participants in the upcoming provincial election of May 22, 2007 to follow through on promises of a Manitoba privacy commissioner.


Protecting IDs is good business

February 6, 2009

Protecting IDs is good business, and it’s the law

With March being Fraud Prevention Month, my March 7, 2007 column in the Winnipeg Free Press lists some of the procedures businesses should have in place to ensure they are compliant with privacy legislation.


Time to amend the Personal Information Act

February 6, 2009

Time to amend the Personal Information Act

My January 3, 2007 column in the Winnipeg Free Press discusses the mandatory review of PIPEDA and my recommendations on behalf of the Canadian Bar Association.


Information requires safekeeping

February 5, 2009

Information requires safekeeping

In today’s economy, information is the most valuable corporate asset. And for this reason, businesses of all sizes should take steps to protect corporate information regardless of whether it is stored online or off-line. Whether it’s customer or supplier lists, intellectual property or employees’ personal information, it’s information that needs safekeeping. My September 6, 2006 column for the Winnipeg Free Press discusses the importance of protecting corporate information.


Manitoba lacks privacy commissioner

February 5, 2009

Years after Doer’s promise, Manitoba lacks privacy commissioner

My October 4, 2006 column for the Winnipeg Free Press recommends the Manitoba government follow up on a campaign promise to create a Manitoba privacy commissioner as exists in almost every other Canadian province.