Archive for the ‘Legal’ Category

11 May 2016

Mending the consent model: A call for solutions


ReadingPrivacyPolicies

We all encounter scores of user agreements when we go online. Do you read the full terms and conditions governing your use of a site, or do you just hit the “I accept” button and surf on?

If you were to read everything, research suggests you’re spending more than 10 full, 24-hour days of your life every year, immersed in privacy policies and related legalese. If you’re more inclined to skip that stuff and hit “OK”, then know that you’re explicitly allowing the organization to collect, use and share your personal information, exactly as it said it would in that fine print you ignored.

Providing meaningful consent is a cornerstone of Canada’s federal private sector privacy legislation.

Read the rest of this entry »


21 Nov 2012

Employee privacy – a balancing act


Companies are always seeking ways to improve productivity.  The most innovative and successful methods can create some positive buzz around a company.

Other approaches can sometimes be ill-advised, premature or ineffective, and this can make waves within an organization.

Last month, a law firm in Toronto was the subject of some media interest over its highly controversial plan to use fingerprint-scanning technology to monitor the comings and goings of its administrative staff. The plan was meant to ensure that staff were not “abusing the system” with lengthy lunch breaks and short work days. Media reports and blog posts zeroed in on the privacy implications of such a plan.

Our Office wouldn’t have oversight over this specific employment matter – we only have oversight into matters of employee privacy in federal works, undertakings, or businesses (lovingly referred to as “FWUBs”). Otherwise, employee privacy is largely a provincial matter, with several provinces having passed privacy legislation that applies to personal information of private sector employees. It’s unfortunate that there is little redress for employees in those provinces that do not have legislation in place, this being one such case in point.

An employer’s need for information should be balanced with an employee’s right to privacy. While employers may be focused on increasing productivity, they should seek to ensure that they weigh the benefits of any potentially privacy-invasive plans against the costs — and not just economic  costs.  Cost considerations should include potential impact on staff morale, loss of trust and loss of human dignity.

Law firms, in particular, could set a model example in how they handle personal information when managing their law practice. In Girao v. Zarek Taylor Grossman Hanrahan LLP, Hon. Justice Richard Mosley wrote,

““Law firms providing advice to clients who deal with the personal information of their customers must be knowledgeable about privacy law and the risks of disclosure. Lawyers also have a public duty to protect the integrity of the legal process. The failure of lawyers to take measures to protect personal information in their possession may justify a higher award than that which would be imposed on others who are less informed about such matter.”

While the Federal Court was referring to the personal information of clients rather than employees in those circumstances, it’s still a significant message about the high standards of conduct judges expect lawyers to live up to.

We hope law firms will take the opportunity to consult our privacy guidance for lawyers. And we hope organizations will take advantage of the other resources we have on dealing with workplace privacy issues, including our fact sheet for human resources professionals.

 


21 Sep 2012

Citizens watching citizens


Waiting for his bus, a man watches as two people smash a glass window in an attempt to break into a building.  He takes his phone out of his jacket pocket, points it towards the couple across the street, and snaps a photo. He posts it to Twitter. “Incredible,” he writes. “At the corner of Wellington and Fifth.”

Welcome to the world of citizen journalism, where the ubiquity of camera-enabled smartphones and the exploding popularity of social media has led to the rise of citizens watching, and reporting on, the actions of other citizens.

In June 2011, bystanders documented  the scene as a riot broke out in downtown Vancouver following Game Seven of the Stanley Cup Finals. Tips were submitted by the public to the Vancouver police, which included over 1,000,000 photos and over 1,000 hours of video. These events provide a real-life scenario to study the emergence of citizen journalism and the potential for misuse of personal information that comes with it.

We commissioned two independent papers intended to further discussion on this topic. We asked Internet strategist Jesse Hirsh and lawyer Kent Glowinski to explore the technology and legal implications, and to consider possible legal protection for privacy within social media. These papers are now available on our website. We invite you to read them and let us know in the Comments section below what you think.


18 Apr 2012

OPC Hosts First Pathways to Privacy Research Symposium


The Office of the Privacy Commissioner of Canada (OPC) will be hosting its first annual Pathways to Privacy Research Symposium on May 2, 2012, in Ottawa!

The theme for this year’s event is Privacy for Everyone, and we will be discussing the results of research on emerging privacy issues among communities of interest. This year’s event was organized with the assistance of Industry Canada and the Social Sciences and Humanities Research Council of Canada (SSHRC).

Discussions will explore topics such as the changing landscape for youth, reaching diverse populations, cultural perspectives on privacy and frontiers of identification and surveillance among different populations.

This Symposium is a great opportunity to discover privacy-related research funded by the OPC’s Contributions Program and other funders, and will serve as a forum to bring together the people who do the research and those who apply it. Ultimately, we want to enable more people to use and benefit from the excellent privacy research that is being done across Canada. This event is also sure to be a great opportunity to share knowledge, grow partnerships and expand networking among researchers.

A detailed program for the event is available on our web site. If you are interested in participating, please contact Melissa Goncalves at melissa.goncalves@priv.gc.ca or 613-947-7097. Please note that limited audience seating will be available.


28 Nov 2011

Observations on anti-spam law’s regulatory process


The Office of the Privacy Commissioner invites contributions to its blog from members of our External Advisory Committee. Their representation reflects the myriad of public policy perspectives critical to proposing a balanced view on privacy and personal information protection.  While we benefit from their experience and advice, the views they represent in articles appearing here are their own and don’t necessarily represent the views of the Office.

The following blog post is from Professor Michael A. Geist.

Last December, the government celebrated passing eight bills into law, including the long-delayed anti-spam bill. Years after a national task force recommended enacting anti-spam legislation, the Canadian bill finally established strict rules for electronic marketing and safeguards against the installation of unwanted software programs on personal computers, all backed by tough multi-million dollar penalties.

Then-Industry Minister Tony Clement promised that the law would “protect Canadian businesses and consumers from harmful and misleading online threats,” but nearly a year later, the law is in limbo, the victim of a fight over regulations that threaten to undermine important protections and delay implementation for many more months.

One of the most worrying potential changes involves the law’s mandatory disclosure requirements when Canadians install new software programs on their personal computers. With incidents such as the Sony rootkit debacle still fresh in the minds of many – the company surreptitiously installed programs on millions of computers leaving them vulnerable to security breaches – the Canadian law provides welcome protection against spyware and unwanted software.

This issue was hotly debated when the bill came before a House of Commons committee and the compromise language was designed to protect individual privacy and security, while enabling common installations (such as security updates) to proceed unimpeded.

Yet now lobby groups are using the regulatory process to re-open the legislative compromise.

For example, the Information Technology Association of Canada, which represents software and technology companies, argues that software vendors should be permitted to install programs without disclosure provided they notify the user of possible installations within the license agreement. Given the common practice of burying such terms in long agreements that few consumers ever read, few will be aware that they have consented to the secret installation of programs designed to monitor their use of the software.

The law specifically worked to avoid this outcome but it appears that the much-needed privacy and security protections may be in jeopardy.

Professor Michael A. Geist,
Canada Research Chair in Internet and E-commerce Law
University of Ottawa, Faculty of Law


22 Nov 2011

Expression of Interest for Legal Agents


Legal Services, Policy and Research Branch (LSPR Branch) is seeking the assistance of qualified Legal Agents to complement in-house counsel.

The Office of the Privacy Commissioner (OPC) is inviting Expressions of Interest (EOI) from interested lawyers or law firms with demonstrated competence and ability to comply with the criteria set out in the EOI and the related Schedule A. The complete “Expression of Interest for Legal Agents” is available on the OPC website.

Interested lawyers or law firms are invited to qualify themselves on the renewed eligibility list, even if they have already been qualified on previous eligibility lists. This current EOI process will not affect or terminate any current contracts with Legal Agents for legal services with respect to any active matter.

To acknowledge your interest in responding to this expression of interest, and to receive further consideration, your submission must be received by November 30, 2011.

For more information, please contact:

DANIEL CARON, Legal Counsel
Legal Services, Policy and Research Branch
Office of the Privacy Commissioner of Canada
112 Kent Street, 3rd Floor
Ottawa, Ontario K1A 1H3
daniel.caron@priv.gc.ca
613 947 4634