The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar



Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Thursday, April 24, 2008

Micromanaging employee expenditures 

I'm not sure how I feel about this. Apparently, MasterCard is introducing a feature for corporate cards that allows employers to set very strict parameters on spending. Economy class? Ok. Business class. Nope. HoJo's? Ok. Strip clubs? Not so much. The card also has detailed reporting that allows employers to keep close tabs on spending.

If an employee is spending the employer's money, it makes sense that the employer can set parameters on it. Business Week's article (You've Been Pre-Rejected) on the topic suggests that it smacks of big brother, but a lot of thinking about privacy depends upon peoples' expectations. If people understand what information is being collected and how it will be used (and it is reasonable), it is less likely that whatever is at issue will be seen as an invasion of privacy. Employees who use a corporate card where they know that the bill goes to the employer first can't reasonably be surprised if their employer gets upset over use of the card that does not fit within company policy. If employees know that the employer can set strict controls on the use of the card, I don't see the problem. If employees similarly are informed that the employer can see the bill in detail, it shouldn't be a problem.

Where the problems arise (and I'm sure they will) is that employers will use this product without telling the employees. The surveillance will be covert, which is much more pernicious and DOES lead to the big brother syndrome. You don't know when you're being observed and thsi leads to mistrust and insecurity. And it can also backfire: if an employee does not feel trusted, many will not act trustworthily (if that's a word!).

The product is also being touted as a tool for parents to keep track on kids' spending. Again, if you're spending someone elses' money they probably have a right to control how it is spent. But similarly, they'll have to make sure that their kids' expectations are tempered by the knowledge that Big Father (or Big Mother) is watching.

At the same time, I think the new MasterCard feature can be a benefit for privacy. Your (personal) credit card number and your (personal) credit card account are your personal information and you have a right to know how it is being used. I'd pay extra for a card that sent me a text message to advise of each charge. I'd be immediately alerted to any fraudulent use of the card and would be in a much better position to protect my own personal information. Whether this will be demanded as a card feature remains to be seen. But it is an example of a technology that can be intrusive and a boon to privacy at the same time. It depends upon how it is used and whether the user knows all about its features.

Labels: , ,

4/24/2008 11:02:00 PM  :: (1 comments)  ::  Backlinks
You'd pay extra to receive a TM for each transaction? Be careful what you wish for. Doing that could be the precursor to shifting the onus for fraudulent use of a credit card number onto the card holder.

After all, if you've been notified of each transaction, it's easy to say that you're responsible to notify the card issuer of any inappropriate transactions.

What would that do to the balance sheets of banks and credit card issuers -- who now self-insure and, despite mounting losses from fraud, still manage to earn billions each quarter.
Post a Comment

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs