Post Tagged with: "pipeda"

Extremely Urgent by Allan Reyes (CC BY-NC-ND 2.0) https://flic.kr/p/8tEboQ

The Nine Year Wait For Government Urgency on Privacy Reform

The Standing Committee on Industry, Science and Technology started its study on Bill S-4, the PIPEDA reform bill, last week. While news reports suggested that Industry Minister James Moore was open to changes, government MPs warned that any amendments would mean the bill would go back to the Senate for approval and likely die with the fall election. For example, MP Mark Warawa stated:

Minister, if we were to then delay and amend, would S-4 then have to go back to the Senate to get passed? My concern is – this is needed and a vast majority of Canadians want this passed – if we amend it, what’s the chance of it passing in this Parliament? Because, it’s needed.

Moore acknowledged that MPs can suggest reforms, but emphasized that “there is some urgency.”

The government’s sense of urgency with the PIPEDA reform bill is striking given that it has largely stalled progress on the key provisions in this bill for years. In fact, in one instance it left a privacy bill sitting for two years in the House of Commons with no movement whatsoever until it died with prorogation. The historical background behind Bill S-4 is as follows:

February 11, 2015 — 2 comments — News

DSC_0110 Minister of Canadian Heritage and Official Languages James Moore by Heather (CC BY 2.0) https://flic.kr/p/6BbzwP

Why the Digital Privacy Act Will Expand Personal Information Disclosure Without Court Oversight

My column this week on warrantless access to personal information under Canadian law noted that Bill S-4, the Digital Privacy Act, will expand the likelihood warrantless disclosures between private organizations. As I posted recently:

Bill S-4 proposes that:

“an organization may disclose personal information without the knowledge or consent of the individual… if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;

Unpack the legalese and you find that organizations will be permitted to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. This applies both past breaches or violations as well as potential future violations. Moreover, the disclosure occurs in secret without the knowledge of the affected person (who therefore cannot challenge the disclosure since they are not aware it is happening).

November 4, 2014 — 6 comments — News

Come back with a warrant by Rosalyn Davis (CC BY-NC-SA 2.0) https://flic.kr/p/aoPzWb

Warrantless Access to Subscriber Information: Has the Tide Turned on Canada’s Privacy Embarrassment?

In a year in which privacy issues have captured near weekly headlines, one concern stands out: warrantless access to Internet and telecom subscriber information. From revelations that telecom companies receive over a million requests each year to the Supreme Court of Canada’s landmark decision affirming that there is a reasonable expectation of privacy in subscriber information, longstanding law enforcement and telecom company practices have been placed under the microscope for the first time.

Last week, the Privacy Commissioner of Canada released a report that shed further light on the law enforcement side of warrantless disclosure requests, raising disturbing questions about the lack of record keeping and politically motivated efforts to drum up data on the issue.

My weekly technology law column (Toronto Star version, homepage version) notes that the Office of the Privacy Commissioner of Canada notified the Royal Canadian Mounted Police last October that it was planning to conduct preliminary investigative work on the collection of warrantless subscriber information from telecom companies. The plan was to assess RCMP policies and to determine the frequency and justification for warrantless requests.

November 3, 2014 — 5 comments — Columns

System Security Breach by Jeff Keyzer (CC BY-SA 2.0) https://flic.kr/p/bucTzM

Government Opens Door to Major Changes to Digital Privacy Bill

While it was overshadowed by the headlines over potential copyright reform, Peter Van Loan, the government’s House leader, disclosed last week that the government is planning to send Bill S-4, the Digital Privacy Act, to the Industry Committee for review prior to second reading. The bill, which has proven controversial due to a provision that expands the possibility of voluntary disclosure of subscriber information and relatively weak security breach disclosure rules, will be open to more significant reforms that previously thought possible (my remarks before the Senate committee can be found here). Under Parliamentary rules, referring a bill before second reading allows the committee to alter the scope of the bill.

October 15, 2014 — 5 comments — News

LG Cookie Fresh Email Setup by Digitpedia Com (CC BY 2.0) https://flic.kr/p/8rtADu

The Canadian Anti-Spam Law Panic: Same As It Ever Was

As the Canadian media reports on the panic associated with the new anti-spam law set to take effect next week, consider the following from Macleans titled “Few Companies Prepared for New Privacy Law“:

The new law..says organizations can only collect personal information for a stated reason – and can use it only for that purpose. Among others things, that means a company that supplies a service can’t sell its list of subscribers to another company’s marketing department. Individuals must be informed, and give their consent, before personal information is collected, used or disclosed..But most firms are unaware of the new law.”

The article continues by noting that “there’s confusion over which organizations might be exempt” and that “there is no grandfather clause – all existing customer information needs to be compliant.” The message is similar in a Globe and Mail article titled “Many small firms not ready for privacy rules“, which also notes the possibility of a constitutional challenge. An IT World Canada reiterates that concern in its coverage:

most Canadian organizations are not aware of the [law]. And very few are prepared to comply.

June 26, 2014 — 11 comments — News