The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Tuesday, November 28, 2006
Michael Geist has a summary of the third day of the PIPEDA review hearings, at which the Privacy Commissioner appeared. She called for mandatory breach notification and amendments to PIPEDA to get around the recent Blood Tribe that curtailed her ability to review claims of privilege. Check it out: Michael Geist - PIPEDA Hearings - Day 03 (Privacy Commissioner of Canada).
Update (20070118): For links to the full hearing transcripts, go to: Canadian Privacy Law Blog: PIPEDA Review Transcripts.
Monday, November 27, 2006
Google Video is hosting a great documentary featuring Henry Porter of the Observer on widespread surveillance in the US and the UK that assumes everyone's a subject. Check it out: Suspect Nation - Google Video. From the Google Video blurb:
Since Tony Blair's New Labour government came to power in 1997, the UK civil liberties landscape has changed dramatically. ASBOs were introduced by Section 1 of the Crime and Disorder Act 1998 and first used in 1999. The right to remain silent is no longer universal. Our right to privacy, free from interception of communications has been severely curtailed. The ability to travel without surveillance (or those details of our journeys being retained) has disappeared. Indeed, as Henry Porter (the Observer journalist famous for his recent email clash with Tony Blair over the paring down of civil liberties) reveals in this unsettling film, our movements are being watched, and recorded, more than ever before.
Thanks to Open and Shut for the link.
Friday, November 24, 2006
Thursday, November 23, 2006
The Information and Privacy Commissioner of Alberta has announced that the first charges ever have been laid under the Helath Information Act. The charges relate to improper access to health information and misleading the OIPC's investigator. From the OIPC's media release:
Charges laid under Health Information Act:
November 23, 2006
Four charges have been laid against an individual under the Health Information Act. She has been summoned to appear in Calgary Court on January 15, 2007. This is the first time charges have been laid under provisions of the Health Information Act.
As a result of a complaint to the Office of the Information and Privacy Commissioner an investigation was undertaken. Upon completion of the investigation, the matter was referred to the Regulatory Prosecutions Office of Alberta Justice. Following that consultation, two charges were laid for improperly accessing another individual's health information and two charges were laid for misleading the Office of the Information and Privacy Commissioner's investigator.
The maximum penalty for a first offence under the Health Information Act is $50,000 for each charge.
Alberta's Information and Privacy Commissioner, Frank Work, says, 'These are serious allegations, and they are not to be taken lightly. As we move increasingly to electronic health records, the security of Albertan's health information remains paramount. We will do everything in our power to help protect this information'.
According to the Associated Press, a panel of EU privacy regulators has found that SWIFT violated European privacy laws by handing over SWIFT data to the US. See: EU panel: SWIFT broke data privacy laws.
As I wander through this world, I more often than not notice privacy problems instead of good privacy practices. That may be a result of being particularly sensitive to privacy issues or because good privacy practices are too rare.
This morning, I had an experience that is worth commenting upon. When I was in Toronto for the Canadian IT Law Association's conference, I stayed at Le Royal Méridien King Edward where the conference was held. I didn't get a copy of my invoice when I checked out (or maybe I did and its in one of the piles of paper that I brought back from the conference). So I faxed the hotel this morning asking for a copy to be faxed back to me. My request was on letterhead and duly signed. But the hotel, just to be sure, called me directly and asked a couple of questions to make sure I was who I purported to be. It cost them time and long distance charges, but suggests that they take this stuff seriously. Which makes me feel better.
This is what I advise my hotel clients to do and I'm glad that the King Eddy is following someone else's sage advice.
I blogged some time abo about Loreena McKennitt's successful bid in the UK High Courts to have an unflattering book pulled from shelves (Canadian Privacy Law Blog: Canadian folk singer opens the door to expanded privacy for celebrities in Europe ). Now the story is back in the news as she takes the battle to the Court of Appeal:
Canadian singer's privacy case back in London court Entertainment Entertainment News Reuters.co.uk:
Tue Nov 21, 2006 4:28 PM GMT
LONDON (Reuters) - Canadian singer Loreena McKennitt's action to prevent details of her life appearing in a book by a former friend was challenged in court on Tuesday, the second case this week that could influence English privacy law.
She won a High Court ruling in London last year in which the judge prevented the disclosure of details of her private life in a book by Niema Ash called "Travels With Loreena McKennitt".
Ash and the book's publishers, Purple Inc Press, are seeking to overturn the ruling in the Court of Appeal, arguing that it struck a "triple whammy" against freedom of expression.
A successful appeal could pave the way for the book to go back on sale -- about 300 copies were sold before it was withdrawn from shelves.
On Monday, celebrity magazines OK! and Hello! took their protracted row over photographs of the 2000 wedding of Michael Douglas and Catherine Zeta-Jones to the House of Lords, the upper house of Parliament which is also England's highest court.
That case is also being closely watched for which side the lords favour -- the celebrities and OK! magazine, who had an exclusive deal for the photographs, or Hello! which published unauthorised "spoiler" images of the event.
Legal experts say protecting people's private lives is one of the areas of the law most affected by the introduction of human rights legislation six years ago.
David Price, lawyer for Ash and Purple, told the court that considerable uncertainty surrounded privacy laws in the country.
"There is a perception that the law relating to breach of confidence and misuse of private information is in a state of some uncertainty," he said. "This uncertainty is undesirable. It has a chilling effect on freedom of expression."
He said the original judgement in McKennitt's favour set a "low hurdle" on what qualified as private information and a difficult and restrictive test for justifying information that is private.
He said it blurred the distinction between defamation and privacy which was a "particular concern for book publishers".
The court ruled last year that McKennitt was entitled to an injunction restricting publication of passages of the book which fell into categories including personal relationships, emotional vulnerability and her feelings for her late fiancé who drowned.
Update (20070118): For links to the full hearing transcripts, go to: Canadian Privacy Law Blog: PIPEDA Review Transcripts.
Wednesday, November 22, 2006
Apparently technology now exists to tell if people are talking in an aggressive way. Wired News is reporting that the city of Groningen is doing a pilot project that involves installing microphones in the streets to detect if people are yelling angrily so that cops can be summoned. See: Listening Post. I guess you'd have all problems solved if you combine this with a gunshot detector (The Canadian Privacy Law Blog: Surveillance technology cleans up the streets of NJ town) and a tweak to catch conspiratorial whispering.
Tuesday, November 21, 2006
Is it live or is it Memorex?
Michael Geist has a source sitting in on the PIPEDA hearings. Read her notes: Michael Geist - PIPEDA Hearings - Day 01 (Industry Canada).
Update (20070118): For links to the full hearing transcripts, go to: Canadian Privacy Law Blog: PIPEDA Review Transcripts.
Monday, November 20, 2006
Regular readers won't be shocked to discover that Michael Geist has a few thoughts on the PIPEDA review, which started today. Check it out: Michael Geist - PIPEDA Review Underway Today. And read his Toronto Star column on the same topic: Michael Geist - Hearings Offer Chance to Fix Holes in Privacy Law.
Information Week is always a good source of privacy reporting and today they've posted a really good article on the changing face of privacy and how companies need to adjust. The article is about eight printed pages long, but here are the topics covered:
Privacy: The Problem That Won't Go Away - Your privacy mistakes can easily become everyone's business. Here's how to keep your company--and your career--out of the spotlight
- It's A Strategy, Not Just A Policy
- Privacy Laws Will Change—Often
- You Can Excel--Don't Just Avoid Screwups
- All Data Is Sensitive
- Retain The Right Data, For The Right Time
- Helping Can Hurt You--Even With The Feds
- Partners Can Be Your Biggest Problem
- Technology Can Create New Problems
- One Privacy Approach Can't Cover All
They've also posted two great sidebars: Technology To The Rescue: From anonymizers to network monitors to identity management sysems, there's a host of privacy-enhancing products and strategies available and Privacy File: 10 Events That Impacted The IT Landscape - Here's a quick scan of recent events, which have roiled the privacy waters at AOL, at the FBI, and in Europe.
Read it, learn it, live it.
Sunday, November 19, 2006
According to TorrentFreak, the highest appeal court in Germany has ruled that an ISP is required to delete IP logs in order to protect privacy. This is qualified by the fact that the deletion should be at the request of the individual (and TorrentFreak provides a link to a sample letter). See: Privacy Prevails: German ISP Forced To Delete IP Logs at Torrentfreak. Thanks to Links: Ben Laurie Blathering for the link.
Today's New York Times comments on new technologies that make cell phones "buddy beacons" (or stalker tools):
Cellphone as Tracker: X Marks Your Doubts - New York Times
THE diminutive cellphone is turning out to be the most clever of devices. As it connects to more networks, stores more kinds of data, delivers more kinds of entertainment — wherever we happen to be — it effectively becomes the most personal computer we own.
Now, as more of the handsets are equipped to use the Global Positioning System, the satellite-based navigation network, we are on the verge of enjoying services made possible only when information is matched automatically to location. Maps on our phones will always know where we are. Our children can’t go missing. Movie listings will always be for the closest theaters; restaurant suggestions, organized by proximity. We will even have the option of choosing free cellphone service if we agree to accept ads focused on nearby businesses.
None of this entails anything exotic. The technology has been ready for a while, but not the customers. Prospective benefits have seemed paltry when placed against privacy concerns. Who will have access to our location information — present and past? Can carriers assure us that their systems are impervious to threats from stalkers and other malicious intruders or neglectful employees — or from government snoops without search warrants? Contemplating worst-case scenarios, our hands holding these very mobile devices have been frozen, hesitant to turn the location beacon on. Are we finally ready to flip the switch? ....
Friday, November 17, 2006
Last Saturday's New York Times ran a lengthy article on the rehabilitation of ChoicePoint. The one-time poster child for privacy fiascos has since apparently cleaned up its act. Now members of the "privacy possee" are quoted as singing the company's praises after it gots its house in order. Right after the high-profile privacy breach, representatives of the company contacted members of the privacy community (I even got a call) to ask what they did right and what they did wrong in responding to the incident. Since then, many of their harshest critics hail the company as a model for the data brokerage industry. Check it out: Keeping Your Enemies Close - New York Times.
The article also has a great timeline illustrating the number and magnitude of privacy incidents in the US over the past few years:
Cracked it! Special reports Guardian Unlimited:
...By last month, Booth, Laurie and I each had access to a new biometric chipped passport and were ready to begin testing them. Laurie's first port of call was the ICAO's website, where the organisation had published specifications for the new travel documents. This is where he learned that the key to opening up the secure chip was contained in the passports themselves - passport number, date of birth and expiry date.
"I was amazed that they made it so easy," Laurie says. "The information contained in the chip is not encrypted, but to access it you have to start up an encrypted conversation between the reader and the RFID chip in the passport.
"The reader - I bought one for £250 - has to say hello to the chip and tell it that it is authorised to make contact. The key to that is in the date of birth, etc. Once they communicate, the conversation is encrypted, but I wrote some software in about 48 hours that made sense of it.
"The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat."
Within minutes of applying the three passports to the reader, the information from all of them has been copied and the holders' images appear on the screen of Laurie's laptop. The passports belong to Booth, and to Laurie's son, Max, and my partner, who have all given their permission....
Michael Geist has a snapshot of what's been scheduled so far for the PIPEDA review before the House Standing Committee on Information, Ethics and Privacy:
Michael Geist - PIPEDA Review Schedule Unfolds:
The Standing Committee on Access to Information, Ethics, and Privacy launches the PIPEDA review next week with three hearings now on tap. Representatives from Industry Canada will appear on Monday, Richard Rosenberg and Colin Bennett, two B.C. experts appear on Wednesday, and Privacy Commissioner of Canada Jennifer Stoddart is scheduled to appear on Monday, November 27th. The Committee is still open to written submissions and proposals for oral presentations.
Thursday, November 16, 2006
SoutheastTexasLive.com - Southeast Texas' ONLY online entertainment page
A. Personal Information We will only collect the personally identifiable information you willingly provide to us, such as your name, address and email address. If you choose not to provide us with information we ask for when filling out forms, forums, contests, and anything else you may encounter we ask you not give us intentionally fake information. For instance, do not give us your friends or neighbor's phone numbers as a substitute for your own. This way, if we call you at 4 o'clock in the morning, we know we are bothering the right person. Your personal information is used by us to respond to your requests, to process your transactions, for administrative purposes, to process prizes, and to send you information about SoutheastTexasLive.com's programs and, occasionally, advertising/promotional material from some of its advertising and strategic partners. You are more than welcome to give us nicknames, pseudonym, alias, tag, street name, handle, stage name, Christian name, affectionate name, or title. Just make sure that if we call you at 4 o'clock in the morning that you will know it is you with whom we are asking to speak. We may also use your personal information for internal business purposes, such as analyzing and managing our businesses.
B. Financial Information We will only collect your financial information such as account or credit card numbers, from you when you make purchases on this site. We will use your financial information to process your transactions. We will never store this information online or use it to buy our girlfriend something pretty. By making a purchase on this site, you consent to our providing your financial information to our service providers and to such third parties as we determine is necessary to process your transactions. These third parties may include the credit card companies and banking institutions used to process the transaction. They may also include the U.S. Government if subpeoned because they need to study terrorist purchasing t-shirts, music, and newspapers. For this, we apologize on behalf of our government.
C. Demographic Information We may also collect demographic data, such as your date of birth, gender, and zip code. Demographic data may be used to tailor your experience at this site, such as showing you content including special events and advertising that you might be interested in, and displaying the content according to your zip code. We're not really this advanced yet, but it helps to have all our ducks in a row. We promise not to tell your friends if you happen to like visiting our children's area or wearing women's clothing. We mean you John.
On occasion, aggregate information that does not identify any particular user may be compiled and shared with strategic partners, merchants and advertisers. We had to look up aggregate on dictionary.com too. Don't feel bad.
D. Passive Collection of Non-Personal Information. This site often requires the use of encrypted or non-encrypted cookies, pieces of information that a web site places in a file on your computer associated with your browser that may be used to deliver content specific to your interests and for other purposes, such as security and other account administrative functions, and which may track personal identifying information. This information is processed passively by your browser as you surf through this site. You CANNOT dunk these cookies in milk. Nor can you reheat them in the oven. Attempting to do so may result in complete equipment failure and possibly void your manufacturer's warranty. IF you were lucky enough to get one without paying an arm and leg for it.
II. Disclosure of Information to Third Parties
A. Strategic Partners From time to time we may enter into a special relationship with another company that is not owned by or affiliated with SoutheastTexasLive.com to provide additional features on this site. We assure you this is merely a plutonic relationship and you will never see us kissing in public. These special relationships may include business partners, sponsors, and co-branded sites (referred to here as “co-branded sites”). Any information, including personal information, that you provide on one of these co-branded sites will be shared with these third party partners. Don't worry, they have been tested for virus' and have had their shots. By participating in activities or providing your information on these co-branded sites, you also consent to our providing your personal information to those third parties. Since these third parties will use your information in accordance with their own privacy practices, you should check their Web sites for information regarding their individual privacy policies. We doubt their policies will be as entertaining as ours, but you already knew that.
B. Service Providers We may use third party service providers to help us operate our business and this site or administer activities on our behalf, such as authorization of credit card transactions, order fulfillment, and sweepstakes administration. We may share your information with these third parties for those limited purposes. For instance, if you participate in a sweepstakes, game, or loyalty program resulting in a prize or award, we will share personally identifiable information about you to our games and merchandise fulfillment and management agencies. This may include your name, physical description, baby photos of you, embarassing morning "candids", pet names (like 'Snookie' or 'Cuddly-Bear'), or the ever popular "look how far I'm sticking my finger up my nose" shot.
C. Other Disclosures Unless specified in this Privacy Statement or another activity-specific privacy statement, personally identifiable information of any individual user is never shared with other companies outside SoutheastTexasLive.com, except as follows: (i) as permitted by law, (ii) in the event of a transfer of ownership, assets or a bankruptcy of SoutheastTexasLive.com, (iii) where we determine that disclosure of specific information is necessary to comply with the request of a law enforcement or regulatory agency, (iv) to protect the interests or safety of SoutheastTexasLive.com or other visitors to this site (v) . We will never use your information to ask you on a date, blackmail you, or locate your home to toilet paper it.
III. LINKS AND THIRD PARTIES' PRIVACY PRACTICES
This site provides you with the opportunity to opt-in to receive weekend updates and partner notices from SoutheastTexasLive.com. If you do not opt-in, SoutheastTexasLive.com will not send you its promotional offers or someone to your house to break your legs. We're just not that way. However, regardless of your opt-in preferences, sexual bias, religious choices, and whether you really do like long walks on the beach at sunset, SoutheastTexasLive.com may still at times need to send program emails for administrative reasons. Note: Your opt-out preference may not be retroactive in certain instances where you agreed to receive brand-specific communications. SoutheastTexasLive.com also gives you convenient methods for removing your information from our database so as not to receive future communications or to close your account:
• Email us @ TakeMyNameOffYourList@southeasttexaslive.com Please put "I still love you" as the headline to make our webmaster feel better. • You may send mail to the following postal address:
SoutheastTexasLive.com Website Customer Care 380 Main Street Beaumont, TX 77701
• Or just cry and whine about it to your friends and family and hope something gets done.
V. UPDATES TO THIS PRIVACY STATEMENT
SoutheastTexasLive.com reserves the right to make changes in this Privacy Statement. In the event that SoutheastTexasLive.com makes a material change to this Privacy Statement, it will be posted here. We encourage you to check this page regularly since your continued use of this site following any changes to this Privacy Statement will be deemed to constitute your acceptance of such change. This includes your agreeance to fork over your first born upon demand and the transferance of any inheritance to us should we decide to put that in. And you may have to take us out for dinner one night. Or a movie. We haven't decided.
VI. REVIEWING/CORRECTING/UPDATING YOUR INFORMATION
This site gives you several options for reviewing, correcting, updating or otherwise modifying information you have previously provided:
• Email us @ ChangeMyInfo@southeasttexaslive.com Please put "please" as the headline to make our webmaster feel wanted. • You may send mail to the following postal address:
SoutheastTexasLive.com Website Customer Care 380 Main Street Beaumont, TX 77701 Please note, changes may not be effective immediately if at all. And it's not our fault. It's your mother's.
VII. CONTACTING SOUTHEASTTEXASLIVE.COM
If you have any questions about this Privacy Statement, the practices of the this site, you may contact:
SoutheastTexasLive.com Website Customer Care 380 Main Street Beaumont, TX 77701 Telephone # 409-880-0718 http://www.southeasttexaslive.com/contactUs.html
When writing, please include your name, the problem, pie (or cake), and a return address (so if it's a nasty letter we can toilet paper your house).
The Information and Privacy Commissioner of Saksatchewan, Gary Dickson, has released his annual report for 2005-2006, calling for a significant overhaul of the province's public sector legislation. See: Saskatchewan told to update privacy laws that expose residents to risk - Yahoo! Canada News.
From the Commissioner's media release:
Information and Privacy Commissioner
NEWS RELEASE – November 16, 2006
Saskatchewan Information and Privacy Commissioner tables 2005-2006 Annual Report.
Saskatchewan’s Information and Privacy Commissioner, Mr. Gary Dickson, has submitted his Annual Report for 2005-2006 to the Legislative Assembly. The document is available at the website: www.oipc.sk.ca.
Dickson recommends action by the Saskatchewan Government to make Deputy Ministers and CEOs of Crown corporations and local authorities explicitly accountable for access and privacy compliance in their organizations.
The Commissioner also highlights unfinished business from his last Annual Report. Of six major recommendations in his 2005 Privacy and Access: A Saskatchewan ‘Roadmap’ for Action, there has been no action taken on four recommendations, namely:
- Extend privacy protection to private sector employees in Saskatchewan;
- Conduct a public review of our 14 year old law, The Freedom of Information and Protection of Privacy Act, and then make the necessary changes to modernize that first- generation law;
- Integrate two separate access and privacy laws into a single law to make it more understandable and easier to comply;
- Ensure that public registries address the new challenges to the privacy of citizens.
The Commissioner also highlighted two emerging issues that warrant attention:
- Development of an electronic health record for every man, woman and child in Saskatchewan poses major challenges to the protection of privacy. “It will be important to get the ‘privacy piece’ of the EHR right so that citizens will continue to be frank and candid when they deal with their family physician and other primary providers.”
- There is a popular trend to promote ‘shared services’, whether SchoolPlus for children at risk, or multi-department delivery of services for adults. This trend requires a careful rethinking of the way access to information and privacy will be managed.
A couple of days ago, the ultra-popular blog Boing Boing posted an account of an individual who was arrested in a national bank after inquiring whether a cheque he had received was legit. (See: Boing Boing: Bank of America loses $50 million from customers upset by false arrest.) The author of the post asked readers to e-mail Boing Boing if they decided to close their accounts at the bank to protest the situation. So far, they report that the bank has lost $900,000 worth of business from the blog's readers.
While the incident doesn't really have a privacy angle, it is worth thinking about what might happen if your company were to be involved in a privacy incident that received this kind of coverage. Word of mouth has aways had a strong impact on the bottom line, but word of blog (particularly one as popular as Boing Boing) can be much more powerful.
Think about it.
Wednesday, November 15, 2006
The Governor-in-Council for Nova Scotia today proclaimed into force the new Personal Information International Disclosure Protection Act.
For more background, see
Here's the official release from the government of Nova Scotia:
News Release: Department of Justice
November 15, 2006 13:07
Legislation to ensure that Nova Scotians' personal information is not disclosed under the U.S. Patriot Act was proclaimed today, Nov. 15.
The new Personal Information International Disclosure Protection Act outlines a series of requirements and penalties that protect personal information from inappropriate disclosure.
"This legislation will help ensure that Nova Scotians' personal information will be protected," said Justice Minister Murray Scott. "The act outlines the responsibilities of public bodies, municipalities and service providers and the consequences if these responsibilities are not fulfilled."
The act provides protection regarding storage, disclosure and access to personal information outside of Canada or in the custody or under the control of a public body or municipality.
The legislation comes into effect for government, school boards, universities, district health authorities and other public bodies today and on Nov. 15, 2007 for municipalities.
Under the act, the minister of Justice must be notified if there is a foreign demand for disclosure of any personal information of Nova Scotians. It also requires that service providers storing information only collect and use personal information necessary for their work for a public body or municipality.
The act also address whistleblower protection for employees of external service providers to ensure they are protected if they report an offense under the act. Whistleblower protection for Nova Scotia government staff already exists under the Civil Service Act.
Penalties under the act include up to $2,000 per government employee for malicious disclosure by employees of public bodies and municipalities. The act also creates offences for service providers, with penalties of up to $2,000 for employees and $500,000 for companies.
Offences relate to the improper storage, collection, use, or disclosure, failure to notify the minister of Justice of foreign disclosure demands, and improper discipline or termination of employees.
Information sessions have been held in Truro and Halifax over the past month to educate partners and stakeholders about the provisions of the act.
FOR BROADCAST USE:
New provincial legislation which will ensure that Nova Scotians' personal information is not at risk from activities under the U-S Patriot Act has been proclaimed today (November 15th).
The new Personal Information International Disclosure Protection Act outlines a series of requirements and penalties that protect personal information from inappropriate disclosure.
The act provides protection regarding storage, disclosure and access to personal information in the custody or under the control of a public body.
Tuesday, November 14, 2006
I spent yesterday in Ottawa at the Electronic Health Information and Privacy Conference. The speakers were very good and the topics covered a very wide range of sub-topics, including privacy enhancing technology, data masking, and research use of personal health information.
IT Business has some coverage of the conference here. What I found to be one of the most telling observations was made by Dr. Geiger of the Ottawa Hospital:
As Dr. Glen Geiger, the Ottawa Hospital’s medical director of clinical information systems told the conference, even hospital employees don’t want their personal health information loaded onto the electronic patient record. They flag their records to have them registered in special outpatient accounts so the results do not populate the electronic record, Geiger said.
“Treating personal health information for staff differently from that of everyone else creates two classes of citizens,” Geiger said. “That’s wrong. If our staff don’t trust us to keep their information private, why should anyone else?”
I continue to be puzzled about the assumption that PIPEDA allows "implied consent" within a mythical "circle of care". This assumption is expressed in a number of areas, but the prime example is in the PIPEDA Awareness Raising Tools (PARTs) Initiative for the Health Sector.
This may appear eminently reasonable, but I don't think it's a foregone conclusion that a judge would agree. The relevant provision in PIPEDA says that the form of the consent has to be based on the sensitivity of the information. If health information is among the most sensitive (not much debate on this topic), it follows that it requires robust consent. Implied consent doesn't really cut it. I've written about this before if you want to read about it in greater depth (see Focus on Privacy: The Application of PIPEDA to Personal Health Information).
40. Can consent be implied for the use and disclosure of personal health information under PIPEDA?
Yes, once patients are made aware of their privacy rights (see answer #38), consent is implied if the patient continues to seek care and treatment. Thus current practice of implied consent for the primary use of personal information in the direct care and treatment of an individual patient, as defined in a circle of care, will continue under PIPEDA. For example, a lab may infer consent because the individual would reasonably expect that the results be sent to the provider who ordered the lab work.
41. Is consent implied for the disclosure of personal health information to private insurance companies or third party payers for the purposes of reimbursement of health services rendered?
In certain circumstances, yes. In circumstances where the current practice is to obtain written consent by making the patient sign a reimbursement form, the practice should continue. Where no form is signed, implied consent is acceptable provided patients understand that this is happening and have not behaved in a way that may indicate a refusal of consent (see answer #38).
42. When does PIPEDA require express consent?
In commercial activities, the patient's oral or written consent is generally required for all uses and disclosures that are not directly related to the care and treatment of a patient.
This position is also adopted in the Pan-Canadian Health Information Privacy and Confidentiality Framework. Implied consent within the circle of care may be the rule in Ontario's PHIPA, but assuming it is also the rule in PIPEDA is more than a little bit risky.
Researchers at Queens University, funded by SSHRC, had the pollsters at Ipsos Reid carry out a rather comprehensive survey of residents of a range of countries on privacy issues. Questions covered a wide range, from privacy concerns, privacy attitudes and knowledge of privacy laws.
There has been a lot of reporting on the study since it came out yesterday:
The coverage is interesting, but it's worthwhile taking a look at the presentation prepared by the researchers here.
What I found most interesting while perusing the presentation was how similar Canadian and American attitudes are reported to be.
I am sometimes left scratching my head wondering why the medical (and dental) field are among the first to adopt intrusive technologies. For example, a Winnipeg dentist has started fingerprinting his patients so that they can sign in by just touching a screen. (CBC: Fingerprinting dental patients raises privacy concerns.) Apparently, it improves privacy:
Michael Lasko, registrar of the Manitoba Dental Association, thinks it could be the way of the future for identifying patients in dentistry and medicine.
"It's probably the easiest and most secure method of maintaining patient privacy," said Lasko.
He said fingerprints help patients maintain their anonymity by eliminating the need for conversations about personal health information at the reception desk.
What's next? Implanting RFID chips in patients? Oh, too late.
Some coverage of the Information and Privacy Commissioner of Alberta's investigation of the theft of a laptop containing mental health informaton of around 1,000 patients: Stolen laptop contained mental health data.
Saturday, November 11, 2006
This is a really interesting development:
Google stands up to White House in row over privacy on web Special reports Guardian Unlimited:
The head of the internet search engine Google has vowed to protect the privacy of web surfers against the US government.
As Americans delivered a sweeping midterm election defeat for the Republican administration, Eric Schmidt strongly criticised the White House's attitude towards privacy at the Web 2.0 Summit in San Francisco, where the world's most powerful internet players are meeting this week to discuss the future of the medium.
Earlier this year, Google overturned a government subpoena that attempted to force dozens of internet companies to make available huge banks of data on web users' habits. The government claimed it wanted access to records of internet searches and online activity to help identify suspected terrorists and observe dangerous patterns of behaviour.
A federal judge ruled that the move was illegal, and Mr Schmidt said surfers were right to take their anger out on officials. "This was a complete violation of our users' rights," Mr Schmidt told the summit. "We, as a society, came to a rational outcome, and if we don't like it we can replace the people who pass those laws."...
Thanks to a friend in BC for sending me this:
Police in the Lower Mainland of British Columbia have just completed a trial of license plate recognition technology and are planning a widespread rollout of the technology in Vancouver. It consists of a camera mounted atop a police car that looks up license plates, checks them against a database and alerts the cop at the wheel if the car is "suspicious". The technology can look up about 3000 plates an hour and they apparently find that they are overwhelmed with the number that turn up as being suspicious - about one in fifty.
The technology has apparently had great success in the UK (you might remember this) and some people have concerns with privacy aspects of what is characterised by the BC Attorney General as a "street sweeper".
Sgt. Gord Elias said at a press conference: "The potential of ALPR is up to everyone's imagination. There is absolutely no end to what you could do with it."
Like any surveillance technology, it would be prone to "mission creep". It can target child abductors and terrorists. Or people with unpaid parking tickets, those defaulting on student loans. Or it could be used for profiling by flagging people who choose to drive in suspicious places at suspicious times. The reports I have seen do not say whether the system keeps a record of cars looked up or the location that this takes place. If that were the case, the police would be able to create a log of where you (or your car) has been and at what time.
There was no mention of privacy issues in any of the reports, or how these might have been addressed. I wonder whether a privacy impact assessment was carried out as part of the roll-out. Check out: CTV Video - licence plate scanning. And Vancouver Sun: 1 in 50 drivers 'commits crime' on roads.
The technology isn't exactly brand new. Check out what Bruce Schneier had to say when the technology was rolled out in Connecticut in 2004:
Schneier on Security: License Plate "Guns" and Privacy:
... On the face of it, this is nothing new. The police have always been able to run a license plate. The difference is they would do it manually, and that limited its use. It simply wasn't feasible for the police to run the plates of every car in a parking garage, or every car that passed through an intersection. What's different isn't the police tactic, but the efficiency of the process.
Technology is fundamentally changing the nature of surveillance.... It's wholesale surveillance.
And it disrupts the balance between the powers of the police and the rights of the people....
Like the license-plate scanners, the electronic footprints we leave everywhere can be automatically correlated with databases. The data can be stored forever, allowing police to conduct surveillance backwards in time.
The effects of wholesale surveillance on privacy and civil liberties is profound; but unfortunately, the debate often gets mischaracterized as a question about how much privacy we need to give up in order to be secure. This is wrong. It's obvious that we are all safer when the police can use all techniques at their disposal. What we need are corresponding mechanisms to prevent abuse, and that don't place an unreasonable burden on the innocent.
For license-plate scanners, one obvious protection is to require the police to erase data collected on innocent car owners immediately, and not save it. The police have no legitimate need to collect data on everyone's driving habits. Another is to allow car owners access to the information about them used in these automated searches, and to allow them to challenge inaccuracies.
We need to go further. Criminal penalties are severe in order to create a deterrent, because it is hard to catch wrongdoers. As they become easier to catch, a realignment is necessary. When the police can automate the detection of a wrongdoing, perhaps there should no longer be any criminal penalty attached. For example, both red light cameras and speed-trap cameras all issue citations without any "points" assessed against the driver.
Wholesale surveillance is not simply a more efficient way for the police to do what they've always done. It's a new police power, one made possible with today's technology and one that will be made easier with tomorrow's. And with any new police power, we as a society need to take an active role in establishing rules governing its use. To do otherwise is to cede ever more authority to the police.
Thursday, November 09, 2006
The 28th International Data Protection Commissioners Conference, organized by the Information Commissioner's Office of the United Kingdom, London, U.K. (November 2-3, 2006)
November 6, 2006
- Press Release : International agreement to uphold privacy rights, November 3, 2006
- Press Release : Waking up to a surveillance society, November 2, 2006
- A Report on the Surveillance Society – Public Discussion Document, September 2006
- Communicating Data Protection and Making it More Effective - Common Policy on Surveillance
- Conference Communiqué
- Professor Nigel Gilbert - Speaker Presentation
- Sir Stephen Lander - Speaker Presentation
- John Peace - Speaker Presentation
Hot off the presses from the Information and Privacy Commissioner of Alberta:
Commissioner launches investigation into stolen Calgary Health Region laptop:
Alberta’s Information and Privacy Commissioner has confirmed that his office is investigating the theft of a laptop computer from the home of an employee of the Calgary Health Region. The computer contains the personal health information of approximately 1,000 patients, who received services provided by the Region’s Collaborative Mental Health Department.
Click to view more information Commissioner launches investigation into stolen Calgary Health Region laptop
The Associated Press is reporting that Marnlen Management Ltd. is the first company to adopt IBM's "clipped tag" concept that allows these special RFID tags to be disabled by clipping off the antenna: Company adopts 'clipped tag' technology - Yahoo! News
Wednesday, November 08, 2006
The Privacy Commissioner of Canada has published another "Fact Sheet", this time about applications for hearings in the Federal Court under PIPEDA:
Fact Sheet: Applications for Court Hearings Under PIPEDA (October 2006):
This document is intended to provide helpful information to guide complainants through the process of applying to the Federal Court for a hearing under section 14 of the Personal Information Protection and Electronic Documents Act (PIPEDA).1For more information and for sample documents, please refer to the Federal Courts Rules, which can be found on the Department of Justice Canada website at http://laws.justice.gc.ca/en/F-7/SOR-98-106/index.html....
Sunday, November 05, 2006
The recent high-profile arrest of an St. Thomas, Ontario man allegedly busted abusing a child online has revived the discussion related to lawful access (or the Modernization of Investigative Techniques Act). While nobody can question the horror of child abuse, the debate over expanding police powers and privacy rights is a legitimate debate that needs to take place.
I found it interesting to learn that ISPs in Canada regularly disclose information about subscribers without search warrants, as discussed in the Canoe.ca article:
CANOE Money: Sectors - Police hope ISPs will do more to help in fighting child exploitation:
Tom Copeland, head of the Canadian Association of Internet Providers, said in most cases ISPs will co-operate if presented with a search warrant or a so-called letter of authority, but acknowledged it's not always the case.
"It's going to be a management decision by each and every ISP but I think the trend, especially when it comes to child exploitation, is to co-operate with law enforcement - subject to them providing some basic lawful authorization," he said.
The industry - which is made up of between 300 to 400 ISPs nationwide - has worked with law enforcement agencies to come up a letter of authority, a form that police can fill out and fax to ISPs to get information. It was developed after coming to a consensus that needing to obtain a search warrant was impractical for a number of reasons.
I have never seen one of these, so I am making an assumption that these are meant to invoke section 7(3)(c.1) of PIPEDA:
(3) For the purpose of clause 4.3 of Schedule 1, and despite the note that accompanies that clause, an organization may disclose personal information without the knowledge or consent of the individual only if the disclosure is ...(c.1) made to a government institution or part of a government institution that has made a request for the information, identified its lawful authority to obtain the information and indicated that(i) it suspects that the information relates to national security, the defence of Canada or the conduct of international affairs,
(ii) the disclosure is requested for the purpose of enforcing any law of Canada, a province or a foreign jurisdiction, carrying out an investigation relating to the enforcement of any such law or gathering intelligence for the purpose of enforcing any such law, or
(iii) the disclosure is requested for the purpose of administering any law of Canada or a province;
I also found it interesting that some are of the view that name and address (combined with the individual's IP address) are categorically non-sensitive and perhaps are not personal information:
"The notion that a search warrant is needed for simply a customer's name and address is a little bit far-reaching, it's really overkill based on what Canada's privacy laws dictate," Copeland said.
"There is a general naivety about what Canada's privacy laws will and won't allow us to do, what information is to be kept private subject to more rigorous requests by law enforcement, versus what a reasonable person would expect to be private or not private."
He said a customer's name and address - which can usually be found in the phone book or in an online database - wouldn't normally be considered personal or private information, and often that's all police need.
The CBC is reporting that a range of Canadian universities are beginning to abandon US research databases out of fears that data trails left by researchers would be fodder for the FBI under the USA Patriot Act. See: Patriot Act fears prompt universities to patriate computers.
Via the excellent Library Boy blog.
Saturday, November 04, 2006
Over the last week, certain corners of the blogsphere have been filled with stories that Google has been cooperating with the CIA to provide information on users. (See: Google Blog Search: google cia steele.) The stories originate with an interview of a former clandestine services case officer for the CIA, Robert David Steele, on the Alex Jones Radio Show. Goodness only knows whether there's a grain of truth to this ...
Friday, November 03, 2006
Wired News is reporting that the FBI just busted a fraudulent credit card ring (in the US and Poland) who made fake plastic from numbers acquired phishing. See: Wired News: FBI Busts Credit Card Cybergang.
Thursday, November 02, 2006
I was going to write about this, but Michel-Adrien Sheppard not only beat me to it, but has written an amazingly thorough post on his blog, complete with loads of interesting and relevant links. Check it out: Library Boy: UK Fast Becoming Surveillance Society Says Info Commissioner.
Two consumer and privacy advocacy groups have petitioned the US Federal Trade Commission to go after online advertising networks for using more sophisticated techniques to track consumers. From Earthweb:
Ad Networks Violating Privacy?:
Two consumer advocacy groups want the Federal Trade Commission (FTC) to investigate alleged unfair and deceptive practices by Internet advertising networks.
In a joint filing Wednesday, the Center for Digital Democracy (CDD) and the U.S. Public Interest Research Group (U.S. PIRG) claim current privacy disclosure statements are inadequate in light of increasingly sophisticated data-collection techniques.
'They [ad networks] are unleashing powerful new tools without the conscious awareness of consumers,' CDD Executive Director Jeff Chester told internetnews.com. 'There needs to be some meaningful consumer safeguards.'
While most companies and networks collect only non-personally identifiable information from users, the filing claims unprecedented amounts of data are being collected and associated with each unique visit to a Web site.
'Current privacy disclosure policies are totally inadequate, failing to effectively inform users how and what data are being collected and used,' the filing states.
Techniques cited in the filing include Web analytics, behavioral targeting, 'virtual reality' media, data mining and audience targeting and tracking.
Collectively, CDD and U.S. PIRG contend, the new techniques are creating a new online environment in which 'engagement gives way to entrapment' and 'personalization impinges on privacy.'
Privacy International, a global privacy advocacy group, has released its annual ranking of privacy around the world. This year, Canada ranked second, after Germany. The United Kingdom is 33rd and the US is 30. From the globeandmail.com via Michael Geist.
The full report isn't on the Privacy International website yet, but here's the full list from the Globe:
Privacy International's rankings of 37 countries, with the best at No. 1. Some countries are tied.
18. Czech Republic
18. New Zealand
30. United States
Wednesday, November 01, 2006
The Guardian is running a deeply critical article on the new electronic health records system being rolled out in the UK, called The Spine:
Warning over privacy of 50m patient files Health SocietyGuardian.co.uk:
... And a Guardian inquiry has found a lack of safeguards against access to the records once they are on the Spine, the computer designed to collect details automatically from doctors and hospitals. The NHS initiative is the world's biggest civilian IT project. In the scheme, each person's cradle-to-grave medical records no longer remain in the confidential custody of their GP practice. Instead, up to 50m medical summaries will be loaded on the Spine.
The health department's IT agency has made it clear that the public will not be able to object to information being loaded on to the database: "Patients will have data uploaded ... Patients do not have the right to say the information cannot be held."
Once the data is uploaded, the onus is on patients to speak out if they do not want their records seen by other people. If they do object, an on-screen "flag" will be added to their records. But any objection can be overridden "in the public interest".
Harry Cayton, a key ministerial adviser, warned last month of "considerable pressure to obtain access to [the] data from ... police and immigration services", but he is confident that these demands can be resisted by his department.
Another concern is the number of people who can view the data. The health department has issued 250,000 pin-coded smart cards to NHS staff. These will grant varied access from more than 30,000 terminals - greater access for medical staff, and less for receptionists. Health managers, council social workers, private medical firms, ambulance staff, and commercial researchers will also be able to see varying levels of information. Officials say the data will be shared only on a need-to-know basis. But Guardian inquiries show a lack of safeguards.
Although data protection laws supposedly ban unnecessary build-ups of computer information, patients will get no right to choose whether their history is put on the Spine. Once uploading has taken place, a government PR blitz will follow. This will be said to bring about "implied consent" to allow others view the data. Those objecting will be told that their medical care could suffer....
The Atlantic Chapter of the High Technology Crime Investigation Association is holding its annual conference on November 17, 2006 in Dartmouth, Nova Scotia. I'll be speaking on issues related to e-mail, privacy, evidence and records management. For more info and to register, check out HTCIA Conference 2006.
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.