Access to Information Webinar

November 29, 2010

Managing access to information requests by public sector organizations has never been more challenging than it is today. Complex public-private sector business arrangements, growing expectations for access by the public and increasing volumes of electronic records are all making it difficult to navigate access to information laws in the context of the real world. As a result, I thought that a one hour complimentary webinar would help! I hope you can attend.

What topics will be covered?

  • Overview of access to information 101: the basics
  • The 3 vantage points: public bodies, applicants & third parties
  • Review of recent cases/headlines
  • Identifying key legal and PR landmines
  • Discussion of trends in access to information
  • Practical tips for managing requests in a cost-effective manner

Who should attend?

Public bodies who are subject to access to information laws, private-sector organizations who regularly deal with public bodies and individuals/organizations who routinely initiate access to information requests under public sector access to information laws. 

When is the webinar? 

Wednesday, January 26th, 2011 from 1 – 2 PM (CST)

Please register <here> (space is limited)

Leave a Comment » | Access to Information, Ombudsman, Webinar | Tagged: , , , | Permalink
Posted by Brian Bowman

Is covert surveillance ever legal?

June 10, 2010

A former administrator in the Rural Municipality of La Broquerie has alleged that town politicians installed hidden video surveillance cameras in nearly every room in the municipality offices to secretly spy on rival councillors, staff and even the public.

Manitoba’s Ombudsman is investigating these explosive allegations. If they are true, it is very hard to image a legal defence. But can the use of covert video surveillance ever be legal?

Read more>>

Leave a Comment » | Employee Monitoring, Monitoring, Ombudsman, Privacy, Video Surveillance | Tagged: , , , , | Permalink
Posted by Brian Bowman

A Conversation with Irene Hamilton, Manitoba’s Ombudsman

February 9, 2010

Continuing a series of blog posts that I’m calling “A Conversation with…“, I’m pleased to post the following conversation with my fellow Manitoban and our Provincial Ombudsman, Irene Hamilton.

Irene Hamilton, and her team of professionals at the Office of the Manitoba Ombudsman (the Ombudsman’s Office”), provides excellent service to Manitobans. Thanks to Irene Hamilton’s leadership, the Ombudsman’s Office has made a number of improvements to its operations over the years. I’m looking forward to seeing the changes to the Ombudsman’s Office website referenced below.

Thanks to Irene Hamilton for agreeing to engage in this online Q & A conversation.  If you’d like to learn more about Irene Hamilton, the Ombudsman’s Office, or the issues raised in this conversation, I’d encourage you to visit the Ombudsman’s Office website.

Q.  In most other provinces, privacy oversight is performed by an Information and Privacy Commissioner. How does the role of the Ombudsman compare to these positions?

A.  In Manitoba, the Ombudsman is the Information and Privacy Commissioner as well. The role and function of the Ombudsman is similar to 10 of the 15 federal, provincial and territorial jurisdictions in Canada that have access to information and protection of privacy laws. In these 10 jurisdictions, the Information and Privacy Commissioner has “ombudsman” powers – that is, the power to comment proactively, investigate complaints and make recommendations to public bodies, but not the power to issue orders. In Prince Edward Island, Quebec, Ontario, Alberta and British Columbia, the Commissioners can issue orders in relation to access to information and protection of privacy.

There are other differences among the jurisdictions as well. With The Personal Health Information Act or “PHIA”, Manitoba had the first information privacy statute in North America dealing specifically with personal health information (as opposed to Manitoba’s Freedom of Information and Protection of Privacy Act, or “FIPPA”, that concerns access to and privacy of other kinds of information). Four other Canadian provinces have enacted similar legislation to PHIA since 1998, when PHIA first came into force here.

Q.  The Freedom of Information and Protection of Privacy Act (“FIPPA”) includes, as its title suggests, both access to information and privacy mechanisms. On the face of it, these two terms seem inconsistent. How do we bring them together?

A.  The application of the provisions of FIPPA do not create the inconsistency that one might infer from the title.

FIPPA has a set of rules concerning access to information and a set of rules concerning privacy of personal information. These two sets of rules are contained in two distinct parts of the Act and are administered separately.

There is a set of rules on how an individual can formally request access to a particular record under the control of provincial and municipal governments and other public bodies and how the public body is to respond. The general rule is that an individual has the right to see or receive a copy of the requested record, but specific exceptions can apply. One of those exceptions relates to protecting the privacy of information about another individual. The idea is to provide as much of the requested information as possible. This particular set of rules is triggered only when a person makes a formal FIPPA request for information.

The other set of rules in FIPPA is always in operation. These rules set out how provincial and municipal governments and other public bodies are to handle records containing personal information that are in their control while conducting their duties. These rules describe in what situations a public body can collect, use or share personal information and the basic rule is that the most limited amount of personal information necessary is to be handled for a particular situation. While an individual can expect certain privacy, there are specific situations where records about them can be collected, used or shared without their consent — for example for safety, public policy and specific operational reasons.

Q.  Your office supports the “Right to Know” initiative. What is “Right to Know” about and why do you support it?

A.  “Right to Know” is an international celebration observed annually in late September, to remind people that governments have legislation allowing people to obtain information held by government and other public bodies. The right of access, when used by individuals or organizations like media, helps to improve knowledge about government, scrutinize government and address public issues. “Right to Know”, with its public events and media focus, reinforces the commitment to a culture and spirit of openness, and promotes public awareness of access to information principles and the resources that assist in adherence to the legislation.

Q.  Manitoba, like other provincial governments, has introduced Enhanced Identification Cards (“EIC”) to respond to increased security demands at U.S. border crossings. What role has your office played in the development and rollout of EICs?

A.  Together with my Privacy Commissioner colleagues, I am of the view that the Enhanced Identification Card or “EIC” — a voluntary identity document for entry into the U.S. by road or water — raises privacy implications. I am pleased to say that my office was consulted early in the development of the Manitoba Enhanced Identification Card and we continued to be involved as the Manitoba Enhanced Drivers License was introduced as well. Through our participation we wanted to accomplish two main goals: 1. to fulfill our oversight role in relation to new government programs or initiatives by providing our comments to ensure the protection of personal information to the extent possible; and, 2. to bring the perspective of the public to the process by asking questions that people might have. In the process, we have promoted providing detailed information to the public so that they can determine if the EIC or EDL is the right card for them. We have also produced a “privacy awareness fact sheet” for persons considering obtaining an EIC or EDL.  This is on our web site, at www.ombudsman.mb.ca.

Q.  Your office releases summaries of selected access and privacy cases on its website. What is the most common area you investigate and report on?

A.  One of our goals for this year is to redesign our website and include regular postings of our reports online for the reference of information privacy professionals as well as the public that will provide a better understanding of how we interpret various sections of the acts, and the basis upon which we come to our conclusions. Having said that, since June 2005 our office has produced dozens of “practice notes” about interpreting and administering various sections and principles of FIPPA and PHIA, probably of greater interest to information privacy professionals than to the public. These, too, are on our Manitoba Ombudsman web site.

We find that the greatest number of complaints that we receive are refusals of access to information under FIPPA. This includes not only responses by public bodies refusing access, but also failures to respond to the applicant. Unfortunately, we also receive numerous complaints about privacy breaches under PHIA.

Q.  Looking forward, what kind of privacy developments should we watch for in 2010?

A.  The file that will be most time consuming for us will be privacy protection of personal health information in the electronic health record that has been under development in Manitoba and across Canada for some time. Significant funds have been made available to Departments of Health throughout the country to build electronic systems that will connect to provide instantaneous access to health records. The system is designed to promote better care and eliminate administrative repetitiveness. Our view is that the public needs to understand what the electronic health record or “EHR” is, its scope and how their personal health information will be used and shared within that system.

3 Comments | Ombudsman, Privacy | Tagged: , , , , , , | Permalink
Posted by Brian Bowman

NDP dragging its heels on our privacy

February 5, 2010

It’s safe to say that the Alberta provincial government is regarded as being right wing. But Manitoba’s? Not at all. So why then is Alberta light years ahead of Manitoba at protecting workers’ privacy?

Read more>>

The above link takes you to the Winnipeg Sun.  I’m delighted to have been asked by Sun Media Corp. to provide Comment columns like today’s on a monthly basis.  I hope you find them of interest!

Leave a Comment » | Employee Monitoring, Government, Identity Theft, Personal Information, PIPA, PIPEDA, Privacy, Privacy Commissioner | Tagged: , , , , | Permalink
Posted by Brian Bowman

Manitoba private sector privacy legislation: An insurmountable goal?

December 11, 2009

University of Manitoba law student, Courtney Pope, has just drafted an in-depth paper (below) on Bill 219The Personal Information Protection and Identity Theft Protection Act. As I’ve previously posted here, Bill 219 seeks to regulate the management of personal information by organizations in the Manitoba private sector and is intended to be “substantially similar” to the federal Personal Information Protection and Electronic Documents Act (PIPEDA). 

Courtney’s paper, entitled “Bill 219: An Insurmountable Goal”, argues that the law is necessary in order to “effectively protect the privacy rights of all Manitobans”.  The paper outlines the main features of the Bill; examines the role of PIPEDA and the concept of “substantially similar” legislation; and analyzes the main arguments advanced for and against the Bill, as expressed in Hansard and in the context of the Bill’s legislative history. Courtney also advances theories regarding the major impediments to its passing.

Courtney was a summer student at Pitblado LLP this past summer and will (fortunately for us) be returning in the New Year to complete her Articles.  Thanks to Courtney for sharing her paper, which you can read by clicking on the hyperlink below.

Bill 219: An Insurmountable Goal

Leave a Comment » | Bill 219, Personal Information, PIPEDA, Privacy | Tagged: , , , , | Permalink
Posted by Brian Bowman

“Crossing the picket lines” to privacy

September 8, 2009

On StrikeCall off the strike, some trade unions are protecting more than their members’ collective bargaining rights. In fact, many unions have taken a proactive approach to privacy by creating policies that attempt to comply with the benchmarks set out in the federal Personal Information Protection and Electronic Documents Act (“PIPEDA). However, there hasn’t yet been a case summary or court action under PIPEDA that definitively determines whether a union that collects personal information in their general capacity is obligated to observe the rules outlined in the legislation. As a result, some unions are complying with PIPEDA’s obligations to protect their members’ privacy and, regrettably, some unions are not.

The application of PIPEDA is dependent on the existence of a “commercial activity.” Although this term is vague, the case is strong that most union activities are, in fact, captured by PIPEDA. What is certain is the application of Alberta’s privacy legislation, the Personal Information Protection Act (“Alberta’s PIPA”), to the management of personal information by unions. The application of Alberta’s PIPA is not dependent on the existence of a “commercial activity”. As a result, a 2006 Investigation Report from the Alberta Information and Privacy Commissioner found that the collection of personal information by unions in their general capacity subjects them to the requirements found in Alberta’s PIPA. Manitoba’s Bill 219, The Personal Information Protection and Identity Theft Protection Act (the “Manitoba Bill”) is modeled after Alberta’s PIPA. Similar to Alberta’s PIPA, the application of the Manitoba Bill does not depend on whether an organization is engaged in a “commercial activity.”

As I’ve argued in previous posts, the Manitoba Government should support the Manitoba Bill (which was introduced as a private member’s bill by opposition member, Mavis Taillieu). The Manitoba Bill creates a level of certainty with regards to the privacy rights of union members. That’s one of the many reasons why the Manitoba government should ”cross the picket lines” to privacy and support the Manitoba Bill in this fall session of the Manitoba Legislature.

Leave a Comment » | Government, Personal Information, PIPA, PIPEDA, Privacy | Tagged: , , , , , , , | Permalink
Posted by Brian Bowman

Manitoba Ombudsman’s 2008 Annual Report Released

June 25, 2009

ResultsThe Manitoba Ombudsman‘s Office recently released its annual report outlining the activities of its Access and Privacy Division in 2008. Here are some highlights…

Of the 198 new access complaints that were launched, 134 (68%) dealt with “refused access”. This indicates that the provincial government and public bodies either have to be more willing to grant access when requested or do a better job at explaining their rationale for refusing access. Of the 207 cases that were closed in 2008, 38% of the complaints were supported by the Ombudsman, 35% were not supported and 5% were resolved before the Ombudsman could issue a finding. This indicates that all of the complaints brought to the Ombudsman are not without merit. The public appears to have a relatively good understanding of what their rights are under FIPPA and PHIA.

The Ombudsman has also been proactively involved in the development stages of legislation and programs in order to address potential privacy issues. For example, the Ombudsman expressed concerns about the technology used in Enhanced Drivers Licenses (EIC). Radio Frequency Identification chips store the necessary information on the EICs, but the chips are always “on”, meaning that they can be read by unauthorized individuals. This concern is being addressed by providing the cardholder with a protective sleeve. However, if the sleeve is ripped, torn or used improperly, it will not provide the necessary protection. Therefore, the Ombudsman has stressed that it is essential that individuals understand the privacy implications of opting into the EIC program.

The Ombudsman was also been involved in assessing the use of closed-circuit television monitoring by Winnipeg Police, who have agreed to follow the recommendations of the Ombudsman and will not live-monitor the cameras and will work towards developing retention policies and technology to “sever” individuals from images which are not relevant.

Overall, the Ombudsman largely applauds public bodies and government agencies for addressing privacy concerns in the development phases of new programs and legislation. However, it is clear that public bodies need to do a better job of dealing with access requests.

Leave a Comment » | Access to Information, Government, Ombudsman, Privacy | Tagged: , , , , , , , | Permalink
Posted by Brian Bowman

Information & Ideas team speaks out on slaw.ca

May 29, 2009

It’s been a thrilling week for my colleagues at Pitblado LLP as it was announced earlier this week that we were to be the 1st Canadian law firm to be a guest blogger on the must-read slaw.ca.  Yours truly, three of my colleagues from our firm’s Information & Ideas Practice Group as well as our firm’s librarian each contributed one post a day this week to slaw.ca on cutting edge legal topics.  Here’s what we covered…

On Monday, I posted “What Would Happen If One of your Employees Posted a Video of an Irate Customer on YouTube?”, which I cross posted on my blog earlier this week.  The post highlights a YouTube video of an irrate customer as a reminder to Canadian businesses of the powers of new technologies such as YouTube and the corresponding need to protect against the dissemination of this type of video through employee privacy training and the adoption and enforcement of privacy and procedures.

On Tuesday, Carol Lynn Schafer posted “Do TOS Have the Final Word on our Fundamental Rights and Freedoms?”, which discusses the controversial effects of Terms of Service on popular websites such as Facebook and Twitter.  As Carol Lynn notes, Terms of Service should be drafted with the bigger picture in mind and can no longer be seen as standard agreements that can be treated with a one size fits all approach.

On Wednesday, Jolin Spencer posted “Whose Property Is It, Anyway?”, which discusses the questions that come into play when employees leave their positions.  For example, what can an employee take, and what must they leave, when they vacate their position? As Jolin points out, no business wants its intellectual property assets walking out the door with a former employee.

On Thursday, our firm’s librarian, Karen Sawatsky, posted “Legal Research Bootcamp – Winnipeg Style”, which discusses her experience collaborating with members of the Manitoba Bar Association and the Law Society of Manitoba to create a CLE for articling students on legal research. The Legal Research Bootcamp is a first for Manitoba students, and aims to bridge the gap between when students start their articles and when CPLED begins in the fall.

And last but not least, today Adam Herstein posted “Manitoba: Innovative Fighter of Child Sexual Exploitation”, which focuses on Manitoba’s recent enactment of The Child and Family Services Amendment Act (Child Pornography Reporting) (Manitoba) and how Manitoba is the first province in Canada to enact legislation that makes it mandatory for a person who encounters child pornography to report it to authorities.  Adam also notes that Canada has a national tipline called Cybertip.ca for reporting the sexual exploitation of children.

Thanks to slaw.ca for the opportunity to contribute!

1 Comment | Blogs, Copyright, Facebook, Government, Intellectual Property, PIPEDA, Privacy, Social Networking Websites, Technology, Training | Tagged: , , , , , , , , , , , , , , , , , , | Permalink
Posted by Brian Bowman

Private-sector privacy law debated in Manitoba

May 21, 2009

The Manitoba Legislature is currently debating Bill 219The Personal Information Protection and Identity Theft Protection Act.

The Bill has been introduced as a private member’s Bill by Mavis Taillieu of the Opposition Progressive Conservative Party of Manitoba. It seeks to regulate the collection, use and disclosure of personal information by organizations in the private sector and is intended to be “substantially similar” to the federal Personal Information Protection and Electronic Documents Act (PIPEDA).  It would also establish a duty for organizations to notify individuals who may be affected when the personal information an organization has collected is lost, stolen or compromised.  Such a requirement would be groundbreaking in Canada (notwithstanding Ontario’s Personal Health Information Protection Act, which has a mandatory breach notification requirement).

Regrettably, the Government of Manitoba indicated in the Legislative Assembly debate last week that it has two primary concerns with the Bill.  The first concern is that the Bill lacks an independent oversight body such as a Privacy Commissioner of Manitoba. Legislative rules prevent private member’s Bills from containing financial penalties and so the Bill could not contain such provisions.  However, the government could add those provisions in amendments.  In fact, I assisted with the drafting of the Bill and would happily provide the government with the relevant provisions. The second concern raised by the government is that the Bill would introduce legislation in Manitoba that (according to the government) would regulate activities in the private sector already governed by PIPEDA. However, PIPEDA does not apply to the activities of private sector organizations in provinces such as Alberta and British Columbia, both of whom have Personal Information Protection Acts, because PIPEDA does not apply where “substantially similar” provincial legislation exists.

The Bill was first introduced in 2005 and since that time the need for such a law has significantly grown.  It’s modelled after Alberta’s Personal Information Protection Act, which provides a more business-friendly and clear legislative scheme than PIPEDA.  As I’ve previously argued, it would be good policy for the Government of Manitoba to support the Bill and I once again urge them to do so. 

If you want a more business-friendly privacy law in Manitoba, I’d strongly encourage you to contact the Government of Manitoba and Mavis Taillieu to indicate your support. 

Additional coverage on this topic by the Canadian HR Reporter here.

2 Comments | Employee Monitoring, Government, Identity Theft, Ombudsman, PIPEDA, Privacy, Privacy Breach, Safeguarding, Safekeeping, Security Breach | Tagged: , , , , , , , | Permalink
Posted by Brian Bowman

Upcoming Canadian Privacy Law Conferences

April 13, 2009

business-concepts-22Ongoing privacy training is a vital tool to assist with privacy law compliance. In this respect, the following Canadian privacy law conferences in the coming months may be of interest to you or others in your organization:

  • On May 20, 2009, the Manitoba Bar Association will be hosting an IP/Technology Section luncheon where I will be speaking about emerging privacy issues. Of course, you need to be a member or a guest of the Manitoba Bar Association to attend.
  • On May 27 and 28, 2009, I will be one of several speakers in Toronto for The Canadian Institute‘s Meeting your Privacy Obligations conference where I will be speaking on the topic of ‘Demystifying the confusing area of lawful disclosure’.
  • From June 10-12th, the University of Alberta will be hosting the 2009 Access and Privacy Conference: The Pursuit of Truth.
  • From June 17 – 19th, I will be speaking in Winnipeg at the National Credit Institute‘s 2009 CIC National Conference: “Back to our Roots, Forward to our Future” on the privacy law matters affecting those in the credit industry.
  • The Privacy Security Trust 2009 (PST2009) will be hosting the Seventh Annual International Conference on Privacy, Security and Trust in Saint John, New Brunswick from August 25 – 27, 2009.
  • The 2009 IEEE International Conference on Information Privacy, Security, Risk and Trust will be held in Vancouver, British Columbia from August 29 – 31, 2009.

    • If there are other Canadian privacy law conferences in the coming months that I haven’t listed, please post a Comment or drop me an e-mail so I can update this post. If you, or your industry association, are interested in more focussed privacy training, please let me know as I regularly conduct in-house privacy training sessions for clients.

    Leave a Comment » | PIPEDA, Privacy, Training | Tagged: , , , , , | Permalink
    Posted by Brian Bowman

    « Previous Entries
    Follow

    Get every new post delivered to your Inbox.

    Join 73 other followers