All About Information reports that the Ontario Superior Court of Justice has ruled that a teacher had no expectation of privacy in information stored on his work laptop.
Post Tagged with: "privacy"
Do-Not-Call List Backfires
The Times & Transcript covers the problems with the National Do-Not-Call list.
The Electronic Commerce Protection Act – The Privacy Provisions
The Electronic Commerce Protection Act includes a noteworthy change to Canada's private sector privacy legislation (earlier posts on anti-spam provisions, enforcement, do-not-call). PIPEDA includes specific provisions dealing with the issue of consent for the collection of personal information, including the possibility of collecting personal information without knowledge or consent in certain circumstances. The ECPA adds a new provision that effectively overrides this exception – ie. it requires consent. The provisions are designed to target both spyware and the harvesting of email addresses or other collection of personal information without consent (a practice known as dictionary attacks).
The new PIPEDA Section 7.1(2) states:
The Electronic Commerce Protection Act – The Enforcement Prohibitions
The Electronic Commerce Protection Act will accomplish little if there is not a real commitment to enforcement. The enforcement provisions form the bulk of anti-spam bill (my review of the prohibitions here, the effect on the do-not-call list here). The enforcement part of the bill includes details on who does the enforcing, investigative powers, and penalties associated with anti-spam violations. The short version is that the CRTC has been given a wide range of investigatory powers, including the power to compel ISPs to preserve transmission data. Once it concludes its investigation, it can pursue a settlement or bring a notice of violation. The penalties run as high as $10 million. There are also smaller roles for the Privacy Commissioner and Competition Bureau as well as provisions to facilitate anti-spam lawsuits.
The more detailed version is:
The Untold Story of Do-Not-Call Enforcement (aka Why Killing Do-Not-Call Can’t Come Fast Enough)
Earlier today, I posted on how one of the most significant aspects the anti-spam bill introduced on Friday was not reported or discussed in government briefing materials. Namely, that buried at the very end of the 69-page bill, are provisions that lay the groundwork to kill the National Do-Not-Call list. I noted that the proposed approach is very complicated, but boils down to the government repealing the provisions that establish and govern the do-not-call list. In its place, the Electronic Commerce Protection Act approach of requiring an opt-in would apply, meaning that Canadians would no longer need to register their phone numbers on a do-not-call list.
My weekly technology law column (homepage version, Ottawa Citizen version, Toronto Star version) provides some reasons why that the change cannot come fast enough. The column reports that while misuse of the do-not-call list remains a concern, a review of thousands of pages of internal government documents released under the Access to Information Act reveal that it is only the tip of the iceberg. In addition to lax list distribution policies, the enforcement side of the do-not-call list raises serious alarm bells with the majority of complaints being dismissed as invalid without CRTC investigation, the appearance of a conflict of interest in sorting through complaints, and a regulator that has been content to issue to "warnings" rather than levying the tough penalties contained in the law.
The CRTC documents obtained under Access to Information include a list of companies that have downloaded the do-not-call list. Given the broad exceptions under the law, virtually no charities, survey companies, political parties, or newspapers have acquired it. Instead, real estate agents, car dealers, financial advisors, and lawn care companies dominate the list of over one thousand organizations. Many of those organizations are identifiable, yet there are also over a hundred provincial numbered companies for which little is known, as well as cryptic names such as “My broker office” or “Michele.” It is unclear whether the CRTC invoked further verification before granting access to unknown organizations.
The proliferation of the do-not-call list is certainly disconcerting, but picture that emerges about its enforcement is even more troubling. The documents reveal that the CRTC receives over 20,000 telemarketing complaints each month, many involving the do-not-call list (some complaints may relate to other telecommunications rules that cover automated dialers or curfews).
The initial evaluation of complaints is handled by Bell, which manages the do-not-call list, rather than the CRTC. Bell reviews each complaint and provides a prima facie evaluation of whether it is valid, invalid, or indeterminate (which require further investigation). Despite tens of thousands of complaints, very few have been categorized by Bell as a prima facie violation of the do-not-call list. For example, in January, Bell reported that there were only 42 valid prima facie national do-not-call violations, while 3,033 national do-not-call complaints were ruled invalid (an unknown number of do-not-call complaints were treated as indeterminate).
Recent Posts
Carney’s Digital Recalibration: How the Government is Trending Away from Justin Trudeau’s Digital Policy 
Let Competition Be the Guide: Why the Government and CRTC Got It Right on Wholesale Fibre Broadband Access 
Commentary: Ensuring the Sovereignty and Security of Canadian Health Data 
The Law Bytes Podcast Law Society of Ontario CPD Professionalism Pack 
The Law Bytes Podcast, Episode 242: Sukesh Kamra on Law Firm Adoption of Artificial Intelligence and Innovative Technologies
