The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Friday, December 03, 2004
After the anger and fingerpointing about the recent CIBC faxing incident(s), columnists are moving to a practical approach on the issue: why are you faxing confidential informaiton and is there a better way to communicate? Jim Middlemiss of the Financial Post has a good column on these questions:
You're faxing my what, where?:
"There are better ways to send sensitive information
December 2, 2004
Businesses can avoid potential public relations and legal nightmares by developing privacy policies, authentication processes and using cutting-edge technology. The Canadian Imperial Bank of Commerce learned this the hard way last week when U.S. scrapyard operator Wade Peer went public with his story about how one of Canada's largest banks was flooding his fax machine with highly confidential information about its clients for the past three years."
I usually advise clients to be very careful faxing. The preferred way to do it is to e-mail a PDF of the documents (and turn off e-mail address auto-complete features). If you routinely send confidential information via fax, you should only use pre-programmed speed-dial numbers. And make sure you verify each one right after they are programmed. And you need to do what you can to avoid hitting the wrong button: the medical records department button must not be adjacent to the button for the local newspaper. Don't laugh. It has actually happened. Do you think that they will heed your cover-page warning to immediately destroy the fax? Perhaps not.
Labels: information breaches
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.