The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Monday, October 18, 2004
Michael Geist's regular Toronto Star column this week is a strong argument in favour of changes to the reporting procedures at the Office of the Privacy Commissioner. At present, the Commissioner only releases very brief summaries of her findings that are cleansed of all information that could identify a party. The parties themselves are provided with a much more thorough analysis (see the examples posted by the Public Interest Advocacy Centre). As someone who reads them all to help advise clients, I can say that they are often so summarised that it is difficult to use them as a basis for advice. Michael argues that this only serves to protect those who break the law and proposed changes to the practices at the Privacy Commissioner's Office further undermines the utility of issuing findings:
TheStar.com - Privacy law perversely protects those who break it:
"...For Canadian privacy law to garner the respect it needs to achieve widespread compliance, the commissioner's office should consider several changes to its reporting approach. First, it should work toward a more timely release of findings, recognizing the import attached to them by the privacy community. Moreover, it should update findings that are challenged in federal court and refrain from removing findings from its site without public notice (as it did in one instance over the summer).
Second, the commissioner's office should stop adding an additional layer to the reporting system with its summaries of each finding and instead release the full text of Commissioner's report for each case (with only the complainant's identifying information omitted). The current approach adds unnecessary costs, leads to reporting delays, and fosters uncertainty within the privacy community on the degree to which the summary can be relied upon in future complaints.
Third, it should at long last exercise its power by identifying the targets of well-founded complaints. The Act empowers the Commissioner to "make public any information relating to the personal information management practices of an organization if the commissioner considers that it is in the public interest to do so." Critics of a "naming names" approach have pointed to this provision as a reason for keeping the parties anonymous, arguing that it cannot always be in the public interest to release identifying information.
In fact, changes at the commissioner's office suggest that the law provides plenty of support for a more transparent disclosure policy. Recent reports indicate that the commissioner's office is scaling back its disclosure of findings. Roughly half of all complaints are now settled through mediation and the commissioner apparently does not plan to release the details of those resolved cases. Moreover, where a finding involves a fact scenario that has previously been discussed in a reported case, a new finding will similarly not be issued.
As a result of these changes, the commissioner's office seemingly now plans to release only novel findings that cannot be settled.... "
Labels: information breaches
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.