Text: Small Text  Normal Text  Large Text  Larger Text

    Blog Archive

    PrevPrevApril 2014NextNext
    SMTWTFS
      12345
    6789101112
    13141516171819
    20212223242526
    27282930

    The Expansion of Warrantless Disclosure Under S-4: Government's Response Fails to Reassure

    PDF  | Print |  E-mail
    Monday April 14, 2014
    My post and column on the expansion of warrantless disclosure under Bill S-4, the misleadingly named Digital Privacy Act, has attracted some attention and a response from Industry Canada.  The department told iPolitics:

    "Companies who share personal information are required to comply with the rules to ensure that information is only disclosed for the purpose of conducting an investigation into a contravention of a law or breach of an agreement. For example, self-regulating professional associations, such as a provincial law society, may wish to investigate allegations of malpractice made by a client. When organizations are sharing private information, the Privacy Commissioner can investigate violations and may take legal action against companies who do not follow the rules. This is consistent with privacy laws in British Columbia and Alberta and was recommended by the Standing Committee Access to Information, Privacy and Ethics."

    The response may sound reassuring, but it shouldn't be.


    Tags:
    , , ,
    Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare
    View
     

    Why the Digital Privacy Act Undermines Our Privacy: Bill S-4 Risks Widespread Warrantless Disclosure

    PDF  | Print |  E-mail
    Thursday April 10, 2014
    Earlier this week, the government introduced the Digital Privacy Act (Bill S-4), the latest attempt to update Canada's private sector privacy law. The bill is the third try at privacy reform stemming from the 2006 PIPEDA review, with the prior two bills languishing for months before dying due to elections or prorogation. 

    The initial focus has unsurprisingly centered on the new security breach disclosure requirements that would require organizations to disclose breaches that puts Canadians at risk for identity theft. Security breach disclosure rules are well-established in other countries and long overdue for Canada. The bill fixes an obvious shortcoming from the earlier bills by adding some teeth to the disclosure requirements with the addition of penalties for violations of the law. Moreover, Bill S-4 stops short of granting the Privacy Commissioner full order making power as is found at the provincial level, but the creation of compliance orders has some promise of holding organizations to account where violations occur.

    Despite those positive proposed changes to Canadian privacy law, the bill also includes a provision that could massively expand warrantless disclosure of personal information.



    Tags:
    , , , ,
    Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare
    View
     

    U.S. Calls Out Canadian Data Protection as a Trade Barrier

    PDF  | Print |  E-mail
    Wednesday April 02, 2014
    The U.S. Trade Representative issued its annual Foreign Trade Barrier Report on Monday. In addition to identifying the geographical indications provisions in the Canada - EU Trade Agreement, telecom foreign ownership rules, and Canadian content regulations as barriers, the USTR discussed regulations on cross-border data flows. I wrote about the issue recently, noting that the Canadian government restricted access to its single email initiative to Canadian-based hosting.

    The USTR picks up on the same issue in its report:

    The strong growth of cross-border data flows resulting from widespread adoption of broadband-based services in Canada and the United States has refocused attention on the restrictive effects of privacy rules in two Canadian provinces, British Columbia, and Nova Scotia. These provinces mandate that personal information in the custody of a public body must be stored and accessed only in Canada unless one of a few limited exceptions applies. These laws prevent public bodies such as primary and secondary schools, universities, hospitals, government-owned utilities, and public agencies from using U.S. services when personal information could be accessed from or stored in the United States.
     
    The Canadian federal government is consolidating information technology services across 63 email systems under a single platform. The request for proposals for this project includes a national security exemption which prohibits the contracted company from allowing data to go outside of Canada. This policy precludes some new technologies such as "cloud" computing providers from participating in the procurement process. The public sector represents approximately one-third of the Canadian economy, and is a major consumer of U.S. services. In today’s information-based economy, particularly where a broad range of services are moving to "cloud" based delivery where U.S. firms are market leaders; this law hinders U.S. exports of a wide array of products and services.

    This issue bears watching given the growing momentum for localized data hosting conflicting with provisions in the Trans Pacific Partnership that would seek to restrict such provisions.
    Tags:
    , ,
    Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare
     

    How Telcos and ISPs Hand Over Subscriber Data Thousands of Times Each Year Without a Warrant

    PDF  | Print |  E-mail
    Tuesday April 01, 2014
    The lawful access fight of 2012, which featured then-Public Safety Minister Vic Toews infamously claiming that the public could side with the government or with child pornographers, largely boiled down to public discomfort with warrantless access to Internet subscriber information. The government claimed that subscriber data such as name, address, and IP address was harmless information akin to data found in the phone book, but few were convinced and the bill was ultimately shelved in the face of widespread opposition.

    My weekly technology law column (Toronto Star version, homepage version) notes the government resurrected the lawful access legislation last year as a cyber-bullying bill, but it has been careful to reassure concerned Canadians that the new powers are subject to court oversight.  While it is true that Bill C-13 contains several new warrants that require court approval (albeit with a lower evidentiary standard), what the government fails to acknowledge is that telecom companies and Internet providers already hand over subscriber data hundreds of times every day without court oversight.  In fact, newly released data suggests that the companies have established special databases that grant law enforcement quick access to subscriber information without a warrant for a small fee.


    Tags:
    , ,
    Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare
    View
     
    << Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>

    Results 1 - 4 of 508