The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Friday, June 17, 2005
When I woke up this morning, I had no idea that it would be e-mail day. But it is. After the two previous posts about e-mail today, I thought I'd just continue the theme.
One of the partners in my firm got an e-mail from an accountant or actuary or business valuator or some other fellow professional. It was to announce that their offices had moved or something. I didn't really read the e-mail, because it was one paragraph on page four when he printed it out. The first three pages were the e-mail addressees. Three pages of them in ten point arial font. Hundreds of them. May have been in the thousands.
I have seen this happen, mostly by accident. I've seen it happen because of careless employees, new employees or those who just don't understand the technology. I've seen it happen over and over and over again. I know it bothers more than a few people when they know their address is being shared with hundreds of others, many of them strangers. Some people get bothered enough to complain. When a business does this, not only are they compromising the confidentiality and privacy of the people on the list (and their goodwill), but they are giving away their mailing list that they often have taken hours or thousands of dollars to compile. A good (opt-in) distribution list is valuable and practicing unsafe e-mailing is just giving it away. In this particular example, some of the sender's competitors were on the list and all it takes is a quick "cut and paste" to take that valuable intelligence. You may be giving your competitors a quick view of your clientele and an easy way to reach them.
E-mail to a distribution list has risks. Be sure that your employees appreciate this fact, because one click can cause a bunch of headaches.
Labels: information breaches
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.