It seems ages since I’ve last posted to this blog but I do wish to assure readers that I’ve not abandoned it and plan to return to more regular posts in the fall. In addition to running a busy law and consulting practice, the spring and summer of 2011 has been spend updating my 2006 Access to Information and Privacy title of Halsbury’s Laws of Canada as well as planning for a new 2012 title on privacy law and management. With only so much time to go around, something had to give and unfortunately it was the regularity of blog posts. Thank you for your patience.
Last week saw a flurry of reports about the case of R. v. Cole. Cole is a decision of the Ontario Court of Appeal involving charges of possession of child pornography. Two reports in the National Post and Globe and Mail suggest this is a groundbreaking decision with significant implications for employers across Canada with respect to reasonable expectations of privacy. It isn’t. And that fact probably says more about the state of the media’s reporting about privacy than anything else. Read more »
I was asked the other day if I thought identity issues were any different from when I dealt with them at TBS some 10 years ago. I paused, thought about it, hummed a bit, thinking of the intervening work done — Oasis (SAML), Liberty Alliance, WS-* — and finally said I didn’t think so. The central concerns and issues — the provisioning of digital identities for use by multiple organizations in the same “identity ecosystem” — remain. For entities wanting to interact with an individual outside of that organization (e.g. in e-commerce, e-government, eHealth, shared services contexts) there is still the question of who they are and what can they do? The answer remains the same as it did in the 90s – it depends. Read more »
There’s a reason why they are called “data protection” as opposed to “privacy” laws. In Canada, the privacy rights you have come from the Charter of Rights – our data protection laws provide rules principally as to the collection, use and disclosure of personal information with more than a passing nod to other topics such as retention, access and security. Data protection legislation in Canada is about a balancing of interests and to understand that balance requires a good feel as to the exceptions to the rules. Anti money-laundering law (“AML”) provides a good illustration. Read more »
When you consider the vast pool of personal health information that exists in electronic health record databases as well as the growing number of registries (both public and private) a large number of unanswered questions exist as to just what people, as patients and stakeholders, should accept as the “rules” surrounding such data. Read more »
I was pleasantly surprised to receive my copy of Information Security and Privacy: A Practical Guide for Global Executives, Lawyers and Technologists – I contributed the section on Canada. It is a new book from the Science and Technology Law Section of the American Bar Association. Thomas Shaw did a very good job piecing together a large number of contributions — in a very short time — into a cohesive whole. In browsing the book, I’m impressed with the large volume of information succinctly presented. If you want a good overview of the topic with principally an American focus, then this book is worth a look.
The subject of medical research and personal information protection can quickly become a quagmire. Even raising the subject risks one being tagged as a Grinch-like character who surely must drown kittens and tell those young cancer-stricken children appearing in telethons that there’s no Santa Claus. The win-win scenario is de-identified information with good security around the linking data that connects the raw health information with individual identities. But can researchers really be trusted to protect personal health information? Read more »
In Ottawa, there’s talk of an election. From a privacy perspective, this raises questions not only about the fate of Bill C-29 (PIPEDA amendments) but also the anticipated-later-this-year second review of PIPEDA. Even if there isn’t an election, no one knows for sure about the timing of the enactment of C-29 in relation to the review. It’s even possible that the enactment of C-29 might wait to see what further changes could be incorporated as a result of the review. But what should the second review address? Read more »
It’s tough to be a hospital these days and I don’t envy the people trying to manage such places. But one thing I do expect is some degree of attention to the confidentiality of patient information. One hospital provides a unique set of facts that raises the question of appropriate regulatory responses. Read more »
“You don’t hear it, and unless you know what you’re looking for, you can’t see it.”
Bill C. Nabors Jr., Texas Department of Public Safety
That quote appears in a recent Washington Post story about the use of pilotless drones for domestic surveillance purposes, raising questions as to the use of a new and cheap surveillance tool. The quote could equally apply to any type of surveillance. We don’t like being watched yet we have somehow come to tolerate it. Read more »
