Part 6 – Special Legal Rights and Relationships
Chapter 35 – Privacy Law
Prepared by Michael Bozzo, Mohawk College
© 2015 McGraw-Hill Ryerson Limited 34-1
Privacy Legislation
Application of the Act and Personal Information
Managing Privacy and Personal Information
Anti-Spam Legislation
Canada’s Anti-Spam Legislation
Overview
Federal law - Personal Information Protection and Electronic Documents Act (PIPEDA) requires business and personal accountability for the use and collection of personal information – in contract and otherwise
PIPEDA applies in the absence of equivalent provincial legislation
Privacy legislation of B.C., Alberta, and Quebec meets PIPEDA standards
Privacy Legislation
Act covers all personal information collected, used and retained by an organization in commercial activity
Businesses held accountable if they use or disclose personal information for purposes other than those for which consent was given
Personal information includes, but is not limited to: name, date of birth, medical facts, ethnicity, personal description, employee records, earnings, credit and loan files, survey responses, beliefs, opinions or intentions
Application of the Act and Personal Information
1. Accountability – Someone must have delegated personal responsibility at each business.
2. Identifying Purposes – Reason for collection shall be documented before collection and use of info.
3. Consent – Use of Personal Info. (P.I.) requires consent of individuals concerned.
4. Limited to Necessary Info. – Fair and lawful.
5. Limited Use, Disclosure and Retention
6. Accuracy – Accurate, complete and up-to-date.
7. Safeguards Required – Appropriate to sensitivity.
PIPEDA COMPLIANCE REQUIREMENTS
8. Openness – about P.I. policies and practices.
9. Individual Access – Individuals may request disclosure of their P.I. and may challenge its accuracy and completeness; having it amended where appropriate.
10. Challenging Compliance - May challenge parties responsible under the legislation where there is non-compliance with the requirements of the Act.
PIPEDA COMPLIANCE REQUIREMENTS cont’d
Privacy commissioner oversees private sector compliance with PIPEDA, and compliance by the federal government with the Privacy Act
Investigate complaints, conduct audits and pursue action under two federal laws
Publicly report on personal information handling practices
Support, undertake and publish research into privacy issues
Promote public awareness and understanding of privacy issues
Privacy Commissioner
Chief Privacy Officer’s (CPO) role to ensure compliance with legislation
Safeguard client’s personal information
Physical safeguards such as locks, containers and access control
Organizational safeguards such as restricting access to employees with a true “need to know”
Technological safeguards such as security features, password protection, and data encryption
Managing Privacy and Personal Information
2014 amendment to PIPEDA
Obligation to notify the Commissioner where a material breach of security has occurred around personal information holdings
Individuals concerned must be notified where the breach of security creates a real risk of significant harm
Harm not limited to bodily harm, but includes humiliation, damage to credit records, reputation and relationships, financial loss and identity theft
Digital Privacy Act
Tort of physical or non-physical intrusion into a person’s private places and/or affairs, by way of listening or looking, with or without mechanical aids
Separate from a violation of the legislation under PIPEDA
Factors assessed by court in determining liability:
○ the reckless or intentional conduct of the defendant
○ the unlawful invasion of the plaintiff’s privacy
○ the harm caused as a reasonable consequence of the conduct
Intrusion Upon Seclusion
July 1, 2014 Canada’s Anti-Spam Legislation (CASL) came into force
Intent is to control electronic spam messages
Spam is considered to be an annoyance, a vehicle to introduce viruses or malware to computer systems, steal a person’s identity or money from bank accounts
CASL regulates the sending of Commercial Electronic Messages (CEMs)
Anti-Spam Legislation
Any electronic message that has as its purpose encouraging participation in a commercial activity
Includes emails or messages sent to social media accounts and texts to mobile devices
CASL prohibits address harvesting and unauthorized collection of personal information from a computer system
Commercial Electronic Messages (CEMs)
CASL requires the sender to receive express consent from the recipient to receive the CEM
CEM must contain contact information of sender, including its address and telephone contacts, as well as website and electronic information
CEMs must set out a straightforward mechanism for unsubscribing from receiving future CEMs
Commercial Electronic Messages (CEMs)
Privacy Legislation
Responsibility of businesses to be accountable for personal information they collect, hold, and use in the course of commercial activity
Concept of privacy based on consent of individual, minimal use, and commitment to safeguard information
CASL
Rigorous new rules in place for sending electronic messages that have a commercial purpose
Express consent required, identify sender’s information, allow recipient to unsubscribe
SUMMARY