June 16, 2010
Can the act of connecting with other professionals on social networking websites such as LinkedIn constitute a violation of a non-compete or non-solicitation contractual undertaking? Are departing employees that are subject to such restricted covenants required to disconnect and “de-friend” colleagues and customers of their former employer until the contractual undertaking have expired?
ComputerWorld is reporting today that an IT staffing firm has accused one of its former employees of violating her non-compete undertaking through her conduct on LinkedIn. I’m not aware of any similar lawsuit to date in Canada so it’ll be interesting to see how this particular case evolves in the U.S. This case and others that I’ve previously noted highlight the blurring line between online and offline worlds. Businesses should consider whether or not, and to what extent, they should try to enforce such restrictive covenants in the social networking world. Stay tuned…
Leave a Comment » | 
Employee Monitoring, Internet, Monitoring, Online Reputation Management, Social Networking Websites | Tagged: Businesses, Customers, Employees, Internet, Online Reputation Management, Social Networking | 
Permalink
Posted by Brian Bowman
February 3, 2010
I’d like to welcome my firm, and colleagues at Pitblado LLP, to the blogosphere!
We’ve just launched a new firm blog, called PitbLAWg, that’s intended to provide readers with practical commentary regarding timely and relevant legal issues affecting you and your business.
I hope you visit PitbLAWg by clicking here.
Leave a Comment » | Blogs | Tagged: Blogs, Businesses, Social Networking | Permalink
Posted by Brian Bowman
November 18, 2009
The U.K.’s Huffington Post is reporting that a rogue employee of a major mobile phone company has illegally sold millions of customer records to rival companies. Apparently, customers’ personal information (including contract expiry dates) was sold to several rivals, which then used the material to cold-call customers to offer them an alternative deal.
As I’ve previously written, information really is the most valuable corporate asset. And for this reason, businesses of all sizes should take steps to protect corporate information regardless of whether it is stored online or off-line. Whether it’s customer or supplier lists, intellectual property or employees’ personal information, it’s information that needs safekeeping.
This case should serve as a reminder that corporate safekeeping practices must include protecting data from rogue employees.
3 Comments | Data Protection, Due Diligence, PIPA, PIPEDA, Personal Information, Privacy, Privacy Breach, Safeguarding, Safekeeping, Security | Tagged: Businesses, Corporate Information, Due Diligence, Employees, Personal Information, PIPEDA, Privacy, Privacy Breach, Privacy Compliance, Safeguarding, Security | Permalink
Posted by Brian Bowman
September 21, 2009
Peruse through your Inbox and look at the e-mails you have received this week. No doubt there will be a few that include legal notices at the bottom of messages warning you of the confidential nature of the correspondence and stressing that if you are not the intended addressee that you are to return the e-mail to the sender… immediately! These automatically generated e-mail disclaimers have become standard business practice. They have become so commonplace it begs the question: are e-mail disclaimers legally enforceable?
This very question has yet to be the focus of judicial consideration in Canada, and it appears as though it remains an unresolved issue in most other jurisdictions. Although bloggers and writers have analyzed e-mail disclaimers, there is no authoritative jurisprudence or legislation to shore up their arguments. There are a number of issues surrounding the enforceability discussion, including, among other things:
- the lack of consideration between parties to create binding contracts via typical e-mails;
- the timing of e-mail disclaimers (they come at the end of e-mails, after recipients have read the messages); and
- the otherwise lack of confidentiality associated with e-mails, which has come to light through the ever-increasing number of e-fraud cases.
That said, it is always safer to err on the side of caution. In the event your organization were unlucky enough to be sued for the contents of an e-mail, it may prove useful to have used an e-mail disclaimer. At the end of the day, even though the enforceability of e-mail disclaimers may not have yet been judicially considered, having an appropriately drafted e-mail disclaimer may help mitigate your businesses’ liability in the event of an unfortunate e-mail mishap.
E-mail disclaimers should be drafted with legal and business considerations in mind in such a manner that reflects the values, marketing strategy and risk tolerance of your organization. Please contact me if I can provide any assistance in drafting an e-mail disclaimer that suits your organization’s needs.
Leave a Comment » | E-mail Disclaimers, Internet, Marketing, Safeguarding, Security | Tagged: Businesses, E-mail Disclaimers, E-mails, Internet, Marketing, Privacy, Safeguards, Security | Permalink
Posted by Brian Bowman
August 24, 2009
The sound of ringing telephones has caused migraines for millions ever since Alexander Graham Bell placed the first call to Mr. Watson in 1876. But thanks to some newly released technology, that’s about to change. Got a headache? There is, to borrow a phrase from a successful ad campaign, an app for that. Bellaire, Texas med-web company BetterQOL is rolling out iHeadache, an iPhone application that purports to “classify” and assist with diagnosing a user’s headache. iHeadache is one of many cutting edge applications available for use with smartphones. Don’t expect this trend to stop any time soon: thanks to programs like Apple’s iPhone Developer (only $99 for the standard edition), it’s becoming even easier for technology-savvy businesses to create their own apps.
Still not convinced? Consider this list of impressive apps for today’s traveler: Pocket Express, an app that acts as a mobile concierge; Stanza, an app that allows a user to load magazines and books to their smartphone; and GoodFood, which helps a user pick and locate a restaurant based on an array of dining preferences. It’s a good time to be a smartphone user, but perhaps even a better time to be an entrepreneur. Smartphones are increasingly offering businesses a direct window into the hearts, minds and, yes, wallets of potential customers.
But it’s not all good news, privacy advocates remind us. Many smartphone apps guzzle fuel like your Dad’s ’70 GTO, except they’re eating personal user information instead of gasoline. For example, your app may record your location, gender and birth year before it spits out the location of that perfect sale you’ve been looking for. A sizeable amount of personal information is in play, but, fortunately, Ontario’s Office of the Information and Privacy Commissioner (“IPC”) has been ahead of the curve with its call for “Privacy by Design“. Initially unveiled over 10 years ago, the concept of Privacy by Design combines privacy and security measures at the design specification stage of a project. Instead of waiting until privacy problems pop up to deal with them, Privacy by Design contemplates a proactive approach toward potential privacy issues. This methodology uses Privacy Enhancing Technology such as encryption to provide both maximum security and privacy protection. It is, as the IPC bills it, a “win-win” situation. Other examples of Privacy by Design include anonymous billing systems and depersonalization software.
It’s an exciting time to be a technologically-inclined entrepreneur, but the privacy consequences of smartphone apps cannot (and should not) be ignored. Any business that is considering creating or otherwise implementing an app should consider the privacy implications of doing so, preferably at the early stages of project development.
1 Comment | Internet, Marketing, Mobile devices, PIPEDA, Privacy, Privacy Commissioner, Safeguarding, Security, Smartphones, Technology | Tagged: Businesses, Enterpreneurs, Marketing, Mobile devices, Privacy, Safeguarding, Security, Smartphone Applications, Smartphones, Technology | Permalink
Posted by Brian Bowman
August 10, 2009
Have you heard the saying “Just when you think you understand the situation, what you don’t understand is that the situation has changed”? If you think you understand The Personal Information Protection and Electronic Documents Act (“PIPEDA”), get ready… changes may be just around the corner.
PIPEDA was introduced back in 2001. It requires the Canadian Government to review the law every five years. To this end, the House of Commons Standing Committee on Access to Information, Privacy and Ethics (the “House of Commons Committee”) conducted its review and held public hearings from November 2006 to February 2007, where it heard from over 60 witnesses and considered over 30 submissions from a wide range of interested organizations and individuals. I had the pleasure of appearing before the House of Commons Committee to present the Canadian Bar Association’s National Privacy & Access Law Section’s submission, which you can read here. The House of Commons Committee issued its report to Parliament in May 2007 (which outlined 25 recommended changes to the law), to which the Canadian Government subsequently issued its response in October 2007. As part of the Canadian Government’s response, further public consultation on key issues was requested. A link to the Office of the Privacy Commissioner’s reply to this request can be read here and the Canadian Bar Association’s response can be read here.
Changes to PIPEDA may include:
- a mandatory breach notification regime that would require organizations to promptly notify affected individuals and to report major data breaches to the Privacy Commissioner of Canada;
- amendments to account for the unique circumstances regarding consent in employer/employee relationships; and
- modifications to allow organizations to collect, use and disclose personal information as necessary for the conduct of business transactions, such as mergers and acquisitions.
The Industry Canada website targets 2009/10 for the implementation of changes resulting from this first PIPEDA review. Yet, there is no definitive time frame, so stay tuned. Changes may be just around the corner.
1 Comment | Government, PIPEDA, Privacy, Privacy Breach, Privacy Commissioner, Security Breach | Tagged: Businesses, Data Protection, Due Diligence, Employees, Identity Theft, Personal Information, PIPEDA, Privacy, Privacy Breach, Privacy Commissioner, Privacy Compliance | Permalink
Posted by Brian Bowman
July 27, 2009
Have you heard the term “cloud computing“, but aren’t really clear what it means?
Cloud computing is an umbrella term that refers to the use of Internet-hosted computer services. Think of your server — instead of having one in-house server located on company premises, an organization might opt to buy space on a third-party provider’s server. Other options include software hosting and data storage. By purchasing computing services from a variety of Internet-based providers, your computer needs are housed within a larger “cloud” of computer services.
Some organizations are opting for ”Software as a service” (SaaS), and allowing their data to reside on other company’s servers, or “the cloud“. Users only have to buy the space they need, which allows organizations to save money on their technology costs. Other benefits include access to people with technological know-how, flexibility and reduced maintenance costs.
Cloud computing is not new, but is now embedded into the fabric of modern business operations. In fact, the Los Angeles Times has reported that the city of Los Angeles is considering using Google applications for all of its software needs.
Privacy issues related to cloud computing, however, are profound. For example, many of the security questions that relate to traditional third-party data hosting were raised when a hacker broke into a Twitter employee’s work e-mail account and stole confidential company documents. The World Privacy Forum, meanwhile, has released a 28-page report on some of the privacy issues that relate to cloud computing. The report concludes that sharing information may expose some business users to liability, and emphasizes the importance of checking a cloud provider’s terms of service, privacy policy, and location.
Canadian businesses that engage in cloud computing should be reminded that they must do so in compliance with applicable privacy laws. For example, the Personal Information and Protection of Electronic Documents Act obliges organizations that transfer personal information to third parties to ensure appropriate security safeguards are in place.
They should also be mindful of the raging debate about the perils of cloud computing that has been underway now for some time. While cloud computing has the potential to provide benefits, organizations should ask themselves whether it is worth the risks it poses. You might save money in the short run, but is it worth the potential of a massive privacy breach?
2 Comments | Internet, PIPEDA, Privacy, Technology | Tagged: Businesses, Corporate Information, Information Technology, Internet, Outsourcing, Personal Information, PIPEDA, Privacy, Privacy Compliance, Technology | Permalink
Posted by Brian Bowman
July 6, 2009
Recently, an interesting article in the Globe and Mail dealt with the issue of smartphone etiquette. Business professionals fidgeting with their BlackBerrys and iPhones in meetings, walking through airports with eyes glued to their small glowing screens and operating their devices in restrooms may seem unrealistic at first blush, but is it really? The reality is that smartphones have permeated the business world. They are everywhere, they are powerful and have the potential to be extremely damaging.
Breaches of confidential corporate data and personal information are nothing new to the business world, but smartphones have brought a new dimension to the problem. Smartphones are starting to make appearances in Canadian court cases in a supporting role, but it won’t be long before they are squarely in the spotlight. The latest iPhone model has up to 32GB of memory while BlackBerrys can store vast amounts of data on memory cards. The equivalent of entire filing cabinets can now be carried around conveniently in your shirt pocket. This reality has increased the risk for massive privacy breaches in the blink of an eye.
The big question is how involved should employers be in regulating and monitoring their employees use of smartphones? All encompassing monitoring of employee smartphone use is a touchy area, but the permeation of smartphones in today’s corporate world and the corresponding risks to businesses necessitates (at the very least) that relevant guidelines concerning their use in the workplace should be implemented by employers. All it takes to damage a business is for one employee to misplace their smartphone without having first activated their security settings.
1 Comment | Employee Monitoring, Privacy, Privacy Breach, Security, Security Breach, Smartphones | Tagged: Security, Privacy, Businesses, Privacy Breach, Security Breach, Employee Monitoring, Smartphones, BlackBerrys, iPhones | Permalink
Posted by Brian Bowman
June 28, 2009
Your business has insurance for typical business risks, but will your insurance protect you from liability arising from privacy law compliance?
People are increasingly aware of their privacy rights. This heightened awareness has translated into a greater willingness to initiate costly and time-consuming privacy complaints. Thanks to laws like the Personal Information Protection and Electronic Documents Act (PIPEDA), the reality for businesses is that non-compliance with privacy laws can take a chunk out of the bottom line. Given the costs associated with failing to meet legal standards, it’s not surprising that many insurers now offer privacy insurance coverage. But what is privacy insurance, and will it actually protect your business when you need it most? The scope of coverage offered varies depending on the provider, so it’s important to read the fineprint.
Be sure to ask what the policy covers. Some policies limit privacy insurance to protection from hacker attacks. But while hackers are a serious issue for any business, your insurance plan may need to do more. Depending on your jurisdiction and the applicable privacy laws, you may want to look for protection against any costs that can be imposed by the regulatory agencies that oversee compliance with privacy legislation. Otherwise, you might find you’re on your own for your businesses’s failure to fully meet the legal requirements for personal information under your control, including obligations to respond to access to information requests, obtain consents and ensure the accuracy of personal information holdings. It’s also a good idea to evalute your existing protection. Your current business insurance may already provide you with the coverage you need. If, for example, your errors and omissions insurance already protects you against privacy breaches, purchasing additional insurance may not be necessary.
Consider what the privacy insurance plan won’t cover. Many plans don’t cover illegal or fraudulent employee conduct, and some stop short of protecting against anything beyond the unauthorized release of personal information. Court defence costs may also be excluded. Make sure you read the plan or have your lawyer go over it before you buy it.
Finally, don’t forget that the best insurance policy is to take as many proactive steps as possible to get your privacy house in order. If you’re reading this blog, chances are you already have some of these measures in place. If not, consider comprehensive privacy policies and procedures that are reviewed and updated on (at least) an annual basis by legal counsel with expertise in privacy law. Staff privacy training is another excellent proactive step. As the saying goes, the best offence is a good defence!
Leave a Comment » | PIPEDA, Privacy, Privacy Insurance, Security | Tagged: Businesses, PIPEDA, Privacy, Privacy Insurance, Privacy Training, Security | Permalink
Posted by Brian Bowman
May 29, 2009
It’s been a thrilling week for my colleagues at Pitblado LLP as it was announced earlier this week that we were to be the 1st Canadian law firm to be a guest blogger on the must-read slaw.ca. Yours truly, three of my colleagues from our firm’s Information & Ideas Practice Group as well as our firm’s librarian each contributed one post a day this week to slaw.ca on cutting edge legal topics. Here’s what we covered…
On Monday, I posted “What Would Happen If One of your Employees Posted a Video of an Irate Customer on YouTube?”, which I cross posted on my blog earlier this week. The post highlights a YouTube video of an irrate customer as a reminder to Canadian businesses of the powers of new technologies such as YouTube and the corresponding need to protect against the dissemination of this type of video through employee privacy training and the adoption and enforcement of privacy and procedures.
On Tuesday, Carol Lynn Schafer posted “Do TOS Have the Final Word on our Fundamental Rights and Freedoms?”, which discusses the controversial effects of Terms of Service on popular websites such as Facebook and Twitter. As Carol Lynn notes, Terms of Service should be drafted with the bigger picture in mind and can no longer be seen as standard agreements that can be treated with a one size fits all approach.
On Wednesday, Jolin Spencer posted “Whose Property Is It, Anyway?”, which discusses the questions that come into play when employees leave their positions. For example, what can an employee take, and what must they leave, when they vacate their position? As Jolin points out, no business wants its intellectual property assets walking out the door with a former employee.
On Thursday, our firm’s librarian, Karen Sawatsky, posted “Legal Research Bootcamp – Winnipeg Style”, which discusses her experience collaborating with members of the Manitoba Bar Association and the Law Society of Manitoba to create a CLE for articling students on legal research. The Legal Research Bootcamp is a first for Manitoba students, and aims to bridge the gap between when students start their articles and when CPLED begins in the fall.
And last but not least, today Adam Herstein posted “Manitoba: Innovative Fighter of Child Sexual Exploitation”, which focuses on Manitoba’s recent enactment of The Child and Family Services Amendment Act (Child Pornography Reporting) (Manitoba) and how Manitoba is the first province in Canada to enact legislation that makes it mandatory for a person who encounters child pornography to report it to authorities. Adam also notes that Canada has a national tipline called Cybertip.ca for reporting the sexual exploitation of children.
Thanks to slaw.ca for the opportunity to contribute!
1 Comment | Blogs, Copyright, Facebook, Government, Intellectual Property, PIPEDA, Privacy, Social Networking Websites, Technology, Training | Tagged: Businesses, Copyright, Corporate Information, Employees, Facebook, Information Technology, Intellectual Property, Internet, Inventions, Manitoba, Mobile devices, Personal Information, PIPEDA, Privacy, Privacy Breach, Privacy Compliance, Safeguarding, Social Networking, Technology | Permalink
Posted by Brian Bowman
April 24, 2009
The Government of Canada announced today the introduction of anti-spam legislation called the Electronic Commerce Protection Act (“ECPA”) that “aims to boost confidence in online commerce by protecting the privacy and personal security concerns that are associated with spam, counterfeit websites and spyware.”
According to the government’s News Release, the ECPA would allow businesses and individuals to initiate civil actions against anyone who violates the law. The ECPA deals with unsolicited text messages, or “cellphone spam”, as a form of “unsolicited commercial electronic message”.
It would establish a regulatory enforcement regime that would enable the CRTC to impose penalties of up to $1 million for individuals and $10 million in all other cases. The Competition Bureau would use a penalty regime already provided for in the Competition Act, and the federal Privacy Commissioner‘s powers to cooperate and exchange information with her counterparts would be expanded in respect of the Personal Information Protection and Electronic Documents Act.
The ECPA is nearly 70 pages long. Stay tuned to this blog. As soon as I’ve been able to digest the content I’ll post again on how the ECPA is likely going to affect Canadian businesses, especially those enaged in online marketing.
2 Comments | Government, Identity Theft, Internet, Marketing, Online Shopping, PIPEDA, Privacy, Spam | Tagged: Businesses, Customers, Identity Theft, Information Technology, Internet, Marketing, PIPEDA, Privacy, Privacy Commissioner, Privacy Compliance, Spam | Permalink
Posted by Brian Bowman
April 22, 2009
The current global economic climate has led to a growing number of bankruptcy and insolvency proceedings, particularly in the U.S. In dealing with these proceedings, many business leaders have not paid enough attention to the role of privacy law and its impact on the bottom line.
A prime example is the bankruptcy of U.S. online toy retailer, Toysmart.com. Toysmart.com had collected vast amounts of personal information from its online consumers in accordance with its privacy policy, which stated that the company would never share its database with third parties. Despite the promise, Toysmart.com then made attempts to sell the database. The U.S. Federal Trade Commission (“FTC”) then sued Toysmart.com seeking injunctive and declaratory relief to prevent the sale of the database by Toysmart.com. The complaint alleged that Toysmart.com had violated U.S. law by misrepresenting to consumers that personal information would never be shared with third parties, and then disclosing, selling and offering that information for sale. Toysmart.com later settled with the FTC. The settlement agreement forbid the sale of the database except under very limited circumstances.
Of course, Canadian companies are subject to Canadian privacy laws such as PIPEDA, which require the consent of individuals for the disclosure of personal information to third parties. In structuring privacy policies, Canadian companies should consider all outcomes including bankruptcy. As a result, privacy policies should be carefully drafted with consideration of the possibility that personal information may be shared with third parties in the event of bankruptcy. Doing so will almost certainly not be enough to fully comply with Canadian legal requirements, but it’s a prudent step in the right direction – especially in these uncertain economic times.
Leave a Comment » | Due Diligence, Internet, PIPEDA, Privacy, Privacy Breach, Sale Transactions | Tagged: Businesses, Customers, Due Diligence, Personal Information, PIPEDA, Privacy, Privacy Compliance | Permalink
Posted by Brian Bowman
April 15, 2009
Businesses are increasingly being asked to reduce their “carbon footprint”. And while many customers are interested in doing business with organizations that are trying to reduce their carbon footprint, many customers are also concerned about their own “digital footprints“.
The Discovery Channel has an interesting online tool that allows you to play a simple scenario by conducting your normal transactions as you would on any given day. Doing so shows you how often you provide your personal information to businesses and governments. You can then play the scenario again to try to reduce your digital footprint. Click here to play!
Businesses can help reduce their customer’s digital footprints by ensuring they only collect the personal information of customers necessary for the purposes identified by the organization and required for particular transactions. Additionally, businesses should avoid collecting personal information indiscriminately. As I’ve mentioned in a previous post, reducing the volume of personal information that a business collects (and is then responsible for safeguarding and destroying in accordance with applicable privacy laws) helps customers to reduce their “digital footprints”. It also helps businesses to comply with privacy laws like PIPEDA and improve customer relations.
Leave a Comment » | Due Diligence, Identity Theft, Internet, PIPEDA, Privacy, Safeguarding, Safekeeping, Security, Technology | Tagged: Businesses, Customers, Due Diligence, Identity Theft, Information Technology, Personal Information, PIPEDA, Privacy Compliance, Retention, Safeguarding | Permalink
Posted by Brian Bowman
April 13, 2009
Does PIPEDA apply to non-Canadians? It’s a common question.
PIPEDA applies to organizations that collect, use, or disclose “personal information” in the course of a commercial activity. The definition of “personal information” does not specify the residency of the individual to whom the personal information must relate. As a result, organizations are well-advised to manage their personal information holdings in accordance with all of the obligations set forth in PIPEDA regardless of the residency of the individuals to whom information relates. If they don’t, non-Canadians (including U.S. residents) may initiate privacy complaints to the Office of the Privacy Commissioner of Canada.
Leave a Comment » | Due Diligence, PIPEDA, Privacy, Privacy Breach | Tagged: Businesses, Personal Information, PIPEDA, Privacy Commissioner, Privacy Compliance | Permalink
Posted by Brian Bowman
April 9, 2009
Another day, another development in the Google Street View story. Canada’s Privacy Commissioner and several provincial privacy commissioners have commented on street level imaging technology by releasing a timely Fact Sheet on the related privacy issues.
The commissioners point out that ”a common misconception is that a company doesn’t need your permission to take your photograph in a public place. In fact, one of your key protections under Canadian privacy law is that you should know when your picture is being taken for commercial reasons, and what your image will be used for. Your consent is also needed.”
The Winnipeg Free Press is also running an excellent story in today’s newspaper, which highlights some of the broader issues related to Google Street View. Arthur Schafer, a professor at the University of Manitoba and director of the Centre for Professional and Applied Ethics, comments in the story about the related ethical issues while I comment in the story about the related legal issues.
1 Comment | Internet, PIPEDA, Privacy, Technology | Tagged: Businesses, Google, Information Technology, Internet, Personal Information, PIPEDA, Privacy, Privacy Commissioner, Privacy Compliance, Technology | Permalink
Posted by Brian Bowman
April 6, 2009
The looming battle between privacy advocates and Google Street View could have implications beyond Google and its Canadian-based service providers, who are currently taking detailed photos of Canadian cities. I’m quoted in today’s Winnipeg Sun article on this issue, where I argue that the implications of the Google Street View battle could extend to how Canadian privacy laws are interpreted and enforced.
If you’re not ramped up on Google Street View, you may want to read the Wikipedia description, which does a good job of explaining the Google service. David Fraser also has an illustrative blog post, which highlights the remaining privacy issues despite Google’s efforts to blur faces and licence plates.
Despite the fact that Google’s Canadian-based service providers are taking pictures in public places, Canadian privacy laws generally require the consent of individuals for the collection of their personal information. In fact, the first ever Case Summary under PIPEDA dealt with video surveillance activities in public places. In the Case Summary, the former Privacy Commissioner advised the company being investigated that its intended public video surveillance for commercial purposes was unlawful and should not be pursued. More recently, and on point, Canada’s Privacy Commissioner, Jennifer Stoddart, has sent a letter to Google outlining the concerns about Google Street View from a Canadian privacy law perspective.
Stay tuned… this story is just beginning.
Leave a Comment » | Internet, PIPEDA, Privacy, Technology, Video Surveillance | Tagged: Businesses, Google, Internet, Personal Information, PIPEDA, Privacy, Privacy Commissioner, Privacy Compliance | Permalink
Posted by Brian Bowman
March 30, 2009
As you know, instant messaging, text messaging, blog postings, online chat forums and social networking websites (such as Facebook and MySpace) have changed the way in which people communicate. Regrettably, however, many of these new communications tools (in particular, online forums and social networking websites) are being used to defame not only individuals, but businesses as well. It should not be forgotten that businesses can be defamed.
In general, the defamation (written and spoken) of a business occurs when a party lowers the reputation of a business in the estimation of other members of society or an industry. Since a business doesn’t have “feelings”, defamation cases related to businesses focus on the damage to a business’ reputation or goodwill due to the comments of another party. The following court cases are worth checking out, both of which confirm that a business can be defamed and, as a result, is entitled to receive monetary compensation.
In Barrick Gold v. Lopehandia, the defendant was found liable for a massive online defamation campaign initiated by the defendant against the plaintiff. The defendant had posted comments on gold and mineral investor related online forums defaming the plaintiff. The Ontario Court of Appeal noted that Internet defamation is different than traditional written forms of defamation since online defamation, or “cyber libel”, is often taken at face value, and is capable of instantly reaching an unlimited number of persons around the globe. The plaintiff corporation was awarded $75,000 in general damages for damage to its reputation and goodwill, $50,000 in punitive damages, and a permanent injunction to prevent further postings.
In WeGo Kayaking Ltd. et al v. Sewid, the British Columbia Supreme Court awarded $250,000 in general damages to the plaintiff corporation in relation to “review” comments posted online that incorrectly and intentionally classified the plaintiff as a “bad” tour company.
Defamation doesn’t just happen to individuals. These cases serve as a reminder to businesses that they are capable of being defamed and, as a result, should diligently protect their online reputations.
1 Comment | Facebook, Internet, Online Reputation Management, Social Networking Websites | Tagged: Businesses, Court, Defamation, Facebook, Internet, MySpace, Online Reputation Management, Social Networking | Permalink
Posted by Brian Bowman
March 23, 2009
Bell Canada recently announced that it would acquire The Source, a national electronics dealer. Bell has indicated that it will be acquiring substantially all of the assets of The Source.
I don’t know what those assets will be, but I think it is an interesting example of the fact that even in recessions we still see acquisitions of companies. When an organization’s assets are bought, one of the most valuable assets that are purchased is often its customer list.
PIPEDA and other applicable privacy laws, of course, govern transactions involving personal information. In the course of such transactions some companies are now implementing concepts once used only to secure physical assets. For example, many organizations are choosing to employ “escrow” arrangements to ensure the security of personal information.
Most businesses now understand that the implications of violating applicable privacy laws can be very serious to the reputation and bottom line of both the vendor and purchaser. As part of a sale of a customer list, and depending on the specific circumstances, both parties may agree that the customer list be placed in escrow until the transaction is completed. This ensures that what is likely the most valuable asset in the transaction – the customer list – is protected from unintended disclosures prior to the actual transfer of the business.
1 Comment | Access to Information, Due Diligence, Privacy, Sale Transactions, Security | Tagged: Access to Information, Businesses, Customers, Due Diligence, Personal Information, PIPEDA, Privacy, Sale Transactions, Security | Permalink
Posted by Brian Bowman
March 9, 2009
If you’re a privacy professional you will know that Canada’s privacy laws are in place to protect the privacy rights of individuals, not businesses.
Despite this fact and that Canada’s federal privacy law, PIPEDA, has been in force since 2001, it’s surprising how many others are confused on this point.
For instance, I recently had a client make an information request to an organization for access to corporate information. When the organization responded, they denied access to the requested information and claimed that PIPEDA required that they do so in order to protect the privacy interests of a business.
There may be circumstances where organizations have other legitimate reasons for denying access to certain information. There may also be circumstances where privacy laws such as PIPEDA should be cited in denying access to certain business records where releasing the information could unlawfully disclose the personal information of another individual. Organizations should not, however, cite Canada’s privacy laws as a justification to deny access to information requests on account of the privacy rights of a business.
If you encounter this scenario you may be dealing with someone who either doesn’t understand privacy laws or who is perhaps being disingenuous. After all, the general thrust of Canada’s privacy laws is to encourage organizations to create a culture of privacy in order to protect the privacy of individuals whose personal information is collected, used, retained or disclosed by such organizations.
2 Comments | Access to Information, Due Diligence, PIPEDA, Privacy | Tagged: Access to Information, Businesses, Corporate Information, PIPEDA, Privacy | Permalink
Posted by Brian Bowman
February 20, 2009
Privacy professionals will know first hand the importance of conducting regular staff privacy training, which can mitigate customer privacy complaints and (as a result) the overall costs of privacy compliance. I certainly know from my practice that the costs to businesses can be quite significant when having to deal with serious privacy complaints. These costs can include settlements, legal fees and lost productivity. Obviously, it’s better to be proactive and reduce the chances of having to deal with privacy complaints. That’s where regular staff privacy training comes in! Businesses really should conduct staff privacy training on a regular basis – in my view, at least on an annual basis.
In a recent speech to the 10th Annual Privacy and Security Conference in Victoria, B.C., Privacy Commissioner Jennifer Stoddart commented, “Polling for my Office in 2007 found that only a third of all businesses reported having trained staff about their responsibilities under Canada’s privacy laws. This is a huge concern! We recently conducted an analysis of 86 breaches reported to my Office and found that employee awareness and training was the most important contributing factor. It was an issue in more than half of the spills we examined! We found that very basic mistakes – human errors – often lead to breaches. Breaches are caused mostly by employee misconduct and human error, not technological weaknesses.” The full speech is entitled, “A Privacy Check Up For Canadians: Is the Glass Half Empty or Half Full?” and is definitely worth reading.
Leave a Comment » | PIPEDA, Privacy, Training | Tagged: Businesses, Due Diligence, Employees, PIPEDA, Privacy, Privacy Breach, Privacy Commissioner, Privacy Compliance, Privacy Forum, Training | Permalink
Posted by Brian Bowman
February 18, 2009
After several days of intense media scrutiny, Facebook has backed down on controversial changes to its Terms of Service (TOS). Both CTV Winnipeg and the Winnipeg Free Press asked me to comment on this timely story, which provides a lesson for other businesses that operate websites to be mindful that TOS (and privacy policies) must be able to withstand legal scrutiny but also user expectations.
3 Comments | Facebook, Internet, Marketing, Online Reputation Management, Privacy, Social Networking Websites | Tagged: Businesses, Facebook, Internet, Marketing, Online Reputation Management, Personal Information, Privacy, Social Networking | Permalink
Posted by Brian Bowman
February 13, 2009
British Columbia’s Supreme Court has awarded a record-setting judgment of over $1 million to a B.C. businessman for invasion of privacy as reported by Canwest News Service.
In 2005, Hal Neumann’s home was searched by the Canada Revenue Agency, who were looking for records and documents he’d already given to the government. The CRA is studying the decision to determine if they will appeal.
This judgement is significant because it demonstrates that Canadian courts are now willing to award substantial damages for an invasion of privacy. Public bodies or private sector organizations in Canada that think privacy rights don’t have teeth should reconsider after seeing this groundbreaking decision.
Leave a Comment » | Government, Privacy | Tagged: Businesses, Case law, CRA, Government, Privacy | Permalink
Posted by Brian Bowman
February 12, 2009
Leave a Comment » | Identity Theft, Internet, Online Reputation Management, Online Shopping, Safeguarding, Security | Tagged: Businesses, Identity Theft, Internet, Online Reputation Management, Online Shopping, Personal Information, Privacy Policy, Safeguarding, Security | Permalink
Posted by Brian Bowman
February 12, 2009
Leave a Comment » | Marketing, Privacy, Safeguarding, Sale Transactions, Security | Tagged: Businesses, Customers, Employees, Marketing, Privacy, Privacy Commissioner, Privacy Training, Safeguarding, Security | Permalink
Posted by Brian Bowman
February 12, 2009
2 Comments | Due Diligence, PIPEDA, Privacy, Safekeeping, Security | Tagged: Businesses, Due Diligence, Personal Information, PIPEDA, Privacy Breach, Retention, Safeguarding, Security | Permalink
Posted by Brian Bowman
February 10, 2009
Leave a Comment » | Privacy, Security, Technology, Video Surveillance | Tagged: Businesses, Privacy, Privacy Commissioner, Security, Technology, Video Surveillance, Workplace Surveillance | Permalink
Posted by Brian Bowman
February 10, 2009
Leave a Comment » | Access to Information, Due Diligence, Privacy, Sale Transactions | Tagged: Access to Information, Acquisitions, Businesses, Mergers, Personal Information, Privacy, Privacy Compliance, Selling Business | Permalink
Posted by Brian Bowman
February 9, 2009
Leave a Comment » | Access to Information, PIPEDA, Privacy, Safeguarding, Security | Tagged: Access to Information, Businesses, PIPEDA, Privacy, Privacy Commissioner, Privacy Impact Assessments, Safeguarding, Security | Permalink
Posted by Brian Bowman
February 9, 2009
Leave a Comment » | Gaming, Intellectual Property, Marketing, Technology | Tagged: Businesses, Digital Gaming, Entrepreneurs, Fortune Cat Games Studio, Gaming Industry, Intellectual Property, Manitoba, Marketing, Technology | Permalink
Posted by Brian Bowman
February 6, 2009
Leave a Comment » | Access to Information, Identity Theft, PIPEDA, Privacy, Security | Tagged: Access to Information, Breach Notification, Businesses, Identity Theft, PIPEDA, Privacy, Privacy Breach, Privacy Compliance | Permalink
Posted by Brian Bowman
February 6, 2009
Leave a Comment » | Access to Information, Identity Theft, Privacy, Security | Tagged: Access to Information, Businesses, Fraud Prevention, Identity Theft, Legislation, Personal Information, Privacy, Safeguarding, Security | Permalink
Posted by Brian Bowman
February 6, 2009
Leave a Comment » | Due Diligence, PIPEDA, Privacy, Security | Tagged: Businesses, Customers, Due Diligence, Personal Information, PIPEDA, Privacy, Security, Selling Business | Permalink
Posted by Brian Bowman
Can the act of connecting with other professionals on social networking websites such as LinkedIn constitute a violation of a non-compete or non-solicitation contractual undertaking? Are departing employees that are subject to such restricted covenants required to disconnect and “de-friend” colleagues and customers of their former employer until the contractual undertaking have expired?
Online shopping a risky transaction: Protect yourself from identity thieves
Privacy matters to most customers: Staff should be able to handle concerns
Data “packrats” failing customers: Companies need policies on retention
Privacy chief important role in modern firm
Guidelines aid in use of surveillance cameras
Recording telephone calls could be a risky business
Get your company’s privacy policy in order: Potential purchasers will need to know
Businesses face challenge in winning people’s trust
Incubator nurtures local digital gaming
Businesses must take steps to prevent I.D. theft
Take steps to protect confidential information
Protecting IDs is good business, and it’s the law
Buying or selling a business requires due diligence
Ruling has significant implication for businesses
Information Act reform will affect businesses
Warning: Inventor holds copyright
Outsourcing comes with risks; U.S. service providers bring privacy concerns 
