There’s a reason why they are called “data protection” as opposed to “privacy” laws. In Canada, the privacy rights you have come from the Charter of Rights – our data protection laws provide rules principally as to the collection, use and disclosure of personal information with more than a passing nod to other topics such […]

When you consider the vast pool of personal health information that exists in electronic health record databases as well as the growing number of registries (both public and private) a large number of unanswered questions exist as to just what people, as patients and stakeholders, should accept as the “rules” surrounding such data.

In Ottawa, there’s talk of an election. From a privacy perspective, this raises questions not only about the fate of Bill C-29 (PIPEDA amendments) but also the anticipated-later-this-year second review of PIPEDA. Even if there isn’t an election, no one knows for sure about the timing of the enactment of C-29 in relation to the […]

It’s tough to be a hospital these days and I don’t envy the people trying to manage such places.  But one thing I do expect is some degree of attention to the confidentiality of patient information. One hospital provides a unique set of facts that raises the question of appropriate regulatory responses.

“You don’t hear it, and unless you know what you’re looking for, you can’t see it.” Bill C. Nabors Jr., Texas Department of Public Safety That quote appears in a recent Washington Post story about the use of pilotless drones for domestic surveillance purposes, raising questions as to the use of a new and cheap […]

If you’re someone caught up in a data breach or a person who can point to an actual violation of privacy, an obvious question is whether you suffered harm and should you be compensated? Three PIPEDA-related decisions from Canadian courts in 2010 offer a glimpse of different approaches to the subject of privacy-related damages. 

“If you build it, he will come” Shoeless Joe Jackson – Field of Dreams (1989) In the healthcare IT space, this famous movie line could easily be changed to “If you build a database, they will find secondary uses for it.”

As noted in the previous post, we now have a new American law – the Foreign Accounts Tax Compliance Act (“FATCA”) — that essentially requires organizations in Canada to identify clients who are American; obtain their consent to the disclosure of sensitive personal information to the IRS or withhold the provision of a service for […]

Somewhere along the line Canadians developed an almost pathological paranoia about the U.S. PATRIOT Act but this post isn’t about that legislation. No, it’s about the new American kid on the block: the Foreign Accounts Tax Compliance Act* (“FATCA”). It actually makes one feel sorry for financial institutions and other organizations affected by this legislation.

Privacy has become less valued by society than in previous eras. Whether it’s security, convenience or the seemingly inevitable march of technology, we talk of “managing” privacy; of the balancing of business needs with individual interests; of data being the new currency; of generational change in attitudes; all ultimately leading one down the road of […]