Private-sector privacy law debated in Manitoba

May 21, 2009

The Manitoba Legislature is currently debating Bill 219The Personal Information Protection and Identity Theft Protection Act.

The Bill has been introduced as a private member’s Bill by Mavis Taillieu of the Opposition Progressive Conservative Party of Manitoba. It seeks to regulate the collection, use and disclosure of personal information by organizations in the private sector and is intended to be “substantially similar” to the federal Personal Information Protection and Electronic Documents Act (PIPEDA).  It would also establish a duty for organizations to notify individuals who may be affected when the personal information an organization has collected is lost, stolen or compromised.  Such a requirement would be groundbreaking in Canada (notwithstanding Ontario’s Personal Health Information Protection Act, which has a mandatory breach notification requirement).

Regrettably, the Government of Manitoba indicated in the Legislative Assembly debate last week that it has two primary concerns with the Bill.  The first concern is that the Bill lacks an independent oversight body such as a Privacy Commissioner of Manitoba. Legislative rules prevent private member’s Bills from containing financial penalties and so the Bill could not contain such provisions.  However, the government could add those provisions in amendments.  In fact, I assisted with the drafting of the Bill and would happily provide the government with the relevant provisions. The second concern raised by the government is that the Bill would introduce legislation in Manitoba that (according to the government) would regulate activities in the private sector already governed by PIPEDA. However, PIPEDA does not apply to the activities of private sector organizations in provinces such as Alberta and British Columbia, both of whom have Personal Information Protection Acts, because PIPEDA does not apply where “substantially similar” provincial legislation exists.

The Bill was first introduced in 2005 and since that time the need for such a law has significantly grown.  It’s modelled after Alberta’s Personal Information Protection Act, which provides a more business-friendly and clear legislative scheme than PIPEDA.  As I’ve previously argued, it would be good policy for the Government of Manitoba to support the Bill and I once again urge them to do so. 

If you want a more business-friendly privacy law in Manitoba, I’d strongly encourage you to contact the Government of Manitoba and Mavis Taillieu to indicate your support. 

Additional coverage on this topic by the Canadian HR Reporter here.

2 Comments | Employee Monitoring, Government, Identity Theft, Ombudsman, PIPEDA, Privacy, Privacy Breach, Safeguarding, Safekeeping, Security Breach | Tagged: , , , , , , , | Permalink
Posted by Brian Bowman

Pandemics and privacy

April 27, 2009

disease-2Over the past couple of years, the world has been preparing for a pandemic. Most experts believed that the avian flu was the most significant threat that faced the world, but recent declarations of a potential pandemic with confirmation of cases in Mexico, the U.S. and Canada from a swine flu have led to fears that the next pandemic is upon us.   In the event of a pandemic, the government of Canada has set up a website, which will provide information to the public. 

In times of fear, governments and citizens alike often overreact to address a threat.   It is times like this that individuals, in addition to heeding advice about how to avoid the flu, should be vigilant about what measures the government may be taking to address this health crisis.  Last summer, Canada experienced another health crisis when a strain of listeria was found in certain meat products.  Tragically, by the time it was over, 21 people had reportedly died.   The public health crisis was announced mid-August, but a team of researchers at Google later found that searches for the term listeriosis spiked in Canada about a month before the public announcement.  An article published in the Canadian Medical Association Journal indicated that those searches lined up with the peak of the outbreak while the public announcement came while new cases were on the decline. 

The analysis of aggregated search trends has been proposed as a means to fight pandemics and outbreaks of illnesses.  However, even those proposing this analysis have admitted this type of analysis is complicated because it is difficult to know who is searching and why.   In the Government of Canada’s News Release on April 26, 2009, a short privacy policy was cited stating that although Service Canada does not normally use cookies, if you have cookie notifications set on your browser, you would be notified.  However, earlier this month, the same site indicated that the Pandemic Influenza Portal did not normally use cookies to track visitors to the site and that the system would notify you before any cookies were used so you could refuse them with no reference to what your computer settings were. 

This change is a minor one but it may possibly be an indication of the small bits of privacy that Canadians will be expected to give up during these times of concern.

Leave a Comment » | Government, Health Crisis, Internet, Privacy, Security | Tagged: , , , , , , , | Permalink
Posted by Brian Bowman

Right to privacy worth $1 million (Cdn)

February 13, 2009

money-2British Columbia’s Supreme Court has awarded a record-setting judgment of over $1 million to a B.C. businessman for invasion of privacy as reported by Canwest News Service.

In 2005, Hal Neumann’s home was searched by the Canada Revenue Agency, who were looking for records and documents he’d already given to the government. The CRA is studying the decision to determine if they will appeal. 

This judgement is significant because it demonstrates that Canadian courts are now willing to award substantial damages for an invasion of privacy.  Public bodies or private sector organizations in Canada that think privacy rights don’t have teeth should reconsider after seeing this groundbreaking decision.

1 Comment | Government, Privacy | Tagged: , , , , | Permalink
Posted by Brian Bowman

To release or not to release: The Brian Sinclair tragedy

February 12, 2009

question-21If you’re from Winnipeg, you’re well aware of the terrible tragedy of Brian Sinclair, who passed away in the emergency department of the Health Sciences Centre after waiting to see a doctor for 34 hours. Manitoba’s NDP government and the Winnipeg Regional Health Authority (WRHA) have been dealing with the political and legal consequences since Mr. Sinclair’s death last fall.

I was asked yesterday to provide comment to the Winnipeg Sun on the validity of the government’s recent claim that it could not release the first administrative review into the tragedy because of privacy concerns. The story serves as a reminder to government bodies and businesses of the challenges (and need for expert legal counsel) when dealing with access to information and related privacy matters.

A separate story reported at TechCrunch demonstrates the risks when releasing redacted documents to the public.  Canadian privacy laws typically require organizations to blackout, or redact, portions of documents that contain someone else’s personal information unless that person consents to its disclosure.  It’s a time-consuming, but important, step that organizations need to take before disclosing documents under access to information legislation.  But, as this story points out, organizations need to be very careful about how they redact!

Leave a Comment » | Access to Information, Privacy | Tagged: , , , , , , | Permalink
Posted by Brian Bowman

Feel you have no privacy?

February 5, 2009

spyingFeel you have no privacy? You’re not alone

My May 3, 2006 column in the Winnipeg Free Press examines the Manitoba Ombudsman’s 2003 report, which included a survey indicating that 60% of Manitobans believe that they have less personal privacy than they did in 1998.

Leave a Comment » | Privacy, Security | Tagged: , , , , , | Permalink
Posted by Brian Bowman

Next Entries »
Follow

Get every new post delivered to your Inbox.

Join 77 other followers