“Dot”: Old English. A spot. A mark. A period used in applications as a name separator in files and web addresses. “Indicia”: Latin. Signs, indications, evidence. “Dot Indicia”: A personal blog examining marks and signs in our world about information, privacy and security.
Canada’s Yukon Territory joins other domestic jurisdictions in moving to implement personal health information legislation. The Health Information Privacy and Management Act, introduced in November, is now in second reading. Leaving aside the trend to including EHR governance in personal health information statutes, there are some intriguing aspects to the bill not found in other statutes of a similar nature. Read more »
Alberta’s PIPA was recently declared unconstitutional by the Supreme Court of Canada (“SCC”) in Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401. In reading the decision, the issue appears to be the broad, circular definition of “personal information” in that statute. Since a similar definition of personal information is found in the federal, BC and Manitoba statutes, the issue has national implications and goes far beyond labour unions and public picketing. How will Alberta legislature’s amend the statute? Would narrowing the definition of personal information in Canadian statutes fix the problem? If so, what would this mean for Canadian personal information protection law?
The Supreme Court of Canada issued its decision in Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401 this morning. Obviously, digesting the reasons and implications — not limited to Alberta — will take some time, but three sentences at the end say it all:
“Both the Information and Privacy Commissioner of Alberta and the Attorney General of Alberta stated in oral argument that if they were unsuccessful, they would prefer that PIPA be struck down in its entirety. We agree… We would therefore declare PIPA to be invalid but suspend the declaration of invalidity for a period of 12 months to give the legislature time to decide how best to make the legislation constitutional.”
The Supreme Court of Canada issued another privacy-related decision last week. Not only is it a significant refinement of search and seizure law it is also, with apologies to Pink Floyd, another “brick in the wall” with respect to building privacy rights in the context of computing devices. Read more »
The privacy bar sat up and took notice last week of a decision out of Halifax that upped the ante when it comes to PIPEDA damage awards. The case is more about “reprehensible conduct” than “harm suffered” and one question that immediately comes to mind is whether it represents an evolution in judicial thinking about privacy and corporate conduct. Read more »
This is a story about a lawyer, his insurer and the Law Society (and, no, it’s not about me). Normally, this is not a topic one sees in this blog but it just happens to involve the latest judicial decision that touches upon what constitutes “commercial activity” for the purposes of PIPEDA. I have to admit: this decision is a bit of a head scratcher. Read more »
With little fanfare, it appears that Manitoba is the newest province in Canada to enact personal information protection legislation that governs the private sector. Read more »
I had previously written on the subject of electronic health records here, as well as about their governance here. The latter post was about the state of EHR governance in Ontario, especially when one considers legislative developments in Alberta and BC. It seems that the current Liberal government has decided to address the issue with the introduction of Bill 78, the Electronic Personal Health Information Protection Act 2013. Read more »
As we mark the technical end of summer, I can’t help but think that we’ve already seen the privacy case of the year. Granted we still have another three months left in 2013 but R. v. Telus has a lot going for it – especially in this increasingly “mobile” world.
I never thought I’d ever mention Kim Kardashian in a blog post but, surprisingly, I find myself doing so in the context of a privacy breach. The “human element” in privacy violations – whether by error or omission in conduct or a willful or deliberate act – plagues organizations subject to breach notification requirements. Leaving aside compliance costs, conduct that might have met disciplinary action only ten years ago now is increasingly seen as totally unacceptable. But are employees really getting the message yet? And should employers be more explicit in getting that message out. Read more »