Under PIPEDA, “lawful authority” arises as a preliminary matter when an organization is approached for a request for personal information by a “government institution or part thereof”. While a “clarification” of “lawful authority” is one of the proposed amendments to PIPEDA, the issue is really about whether organizations should disclose to law enforcement authorities. While consent to disclose personal information may not be necessary, disclosure by the organization is still voluntary. When and how should organizations cooperate with law enforcement authorities? Read more »
There were a number of letters, news items and posts this past week about the new lawful access proposals before Canada’s Parliament. While the focus has been on telcos and the data they hold, it is important to note that there are also other “access” proposals – ones that significantly change the Personal Information Protection and Electronic Documents Act (“PIPEDA”) when it comes to the disclosure of information. Read more »
It is somewhat fitting that Halloween and the anniversary of the enactment of the PATRIOT Act are close together. In Canada, the latter, which turned 10 last week, has come to embody fear about government access to personal information. The troubling part is that this fear may needlessly complicate life for everyone in this country. Read more »
A “tipping point” is the culmination of small events that cause a significant change. Malcolm Gladwell tells us it comes from the world of epidemiology: that point in time in an epidemic where a virus reaches critical mass. Have we now seen the tipping point where business takes cybersecurity far more seriously than ever before? Read more »
Tort law in Canada may take a new privacy-related turn if a recent press report is to be believed. Read more »
Canadian courts are increasingly taking up the subject of privacy and two judicial decisions issued this year in Alberta, Canada’s Wild Rose Country, do make you wonder how privacy law will evolve in this country.
Read more »
The phrase “you are what you eat” popped into my head as I began this blog post. It might be better to say “you are what you consume” and truer words were never spoken when one considers technology, analytics, and the measurement of electricity consumption. New metering technology — labeled “smart grid” — and the privacy implications associated with it have already generated (no pun intended) a lot of text, presentations and concerns. Read more »
It seems ages since I’ve last posted to this blog but I do wish to assure readers that I’ve not abandoned it and plan to return to more regular posts in the fall. In addition to running a busy law and consulting practice, the spring and summer of 2011 has been spend updating my 2006 Access to Information and Privacy title of Halsbury’s Laws of Canada as well as planning for a new 2012 title on privacy law and management. With only so much time to go around, something had to give and unfortunately it was the regularity of blog posts. Thank you for your patience.
Last week saw a flurry of reports about the case of R. v. Cole. Cole is a decision of the Ontario Court of Appeal involving charges of possession of child pornography. Two reports in the National Post and Globe and Mail suggest this is a groundbreaking decision with significant implications for employers across Canada with respect to reasonable expectations of privacy. It isn’t. And that fact probably says more about the state of the media’s reporting about privacy than anything else. Read more »
I was asked the other day if I thought identity issues were any different from when I dealt with them at TBS some 10 years ago. I paused, thought about it, hummed a bit, thinking of the intervening work done — Oasis (SAML), Liberty Alliance, WS-* — and finally said I didn’t think so. The central concerns and issues — the provisioning of digital identities for use by multiple organizations in the same “identity ecosystem” — remain. For entities wanting to interact with an individual outside of that organization (e.g. in e-commerce, e-government, eHealth, shared services contexts) there is still the question of who they are and what can they do? The answer remains the same as it did in the 90s – it depends. Read more »
