The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar



Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Wednesday, August 06, 2008

Student complains about Kiwi can cam 

Sorry about the headline. I thought I could do beter than the one written by

I have reported on toilet cams on this site in the past, but all of those I've heard about installed by businesses have ended up to be fakes. That is until this report from New Zealand where a drunk student was roughed up by bouncers who were covertly watching him rip down a poster above the urinal.

See: Student shocked to star on club's loo-cam - New Zealand news on

Labels: , , ,

Monday, September 03, 2007

NZ doctors resist insurance firms' pleas for full patient records 

More news from down under; this time from New Zealand.

Family doctors are complaining to the New Zealand Privacy Commissioner about the increasing tendency of insurance companies to ask for full patient records for their insureds. The New Zealand Medical Association has complained to the Commissioner, who is considering whether to investigate. See: Christchurch doctors resist insurance firms' pleas for full patient records - Christchurch News - The Press.

Labels: , ,

Sunday, August 26, 2007

NZ commissioner to release breach guidelines 

New Zealand's privacy commissioner, Marie Shroff, is going to introduce voluntary privacy breach guidelines today. I understand they are modeled on those recenly produced by the Canadian Privacy Commissioner. I'll post a link when they are released.

Computerworld > Privacy Commissioner boosts breach disclosure drive with guidelines

Privacy Commissioner Marie Shroff will today announce a draft guide for the management of data breaches in business and government, in what could be the first step towards introducing data breach disclosure laws to New Zealand.

The guidelines are not mandatory, however. Shroff says she may consider whether breach notification should be a mandatory part of New Zealand law, as is the case in parts of North America and has been recommended in Canada.

The guidelines say data breaches should be managed in four stages: containing and assessing the breach; evaluating the risks; considering or undertaking notification; and putting in place future prevention measures.

“Be sure to take each situation seriously and move immediately to investigate the potential breach,” the guidelines say. “Steps 1, 2 and 3 should be undertaken either simultaneously or in quick succession. Step 4 provides recommendations for longer-term solutions and prevention strategies. The decision on how to respond should be made on a case-by-case basis.”

UPDATE: Here are the materials posted on the NZ Commissioner's website:

Key steps for agencies responding to privacy breaches and privacy breach guidelines. The Commissioner welcomes feedback on the draft documents. Comments due by 28 September 2007.

Download the documents

Labels: , ,

Tuesday, February 21, 2006

Incident: New Zealand university student services website suffers security failure 

Canterbury University in New Zealand has shut down its online registration service after a student discovered that anybody with a student number could obtain access to any other student's information, including personal information about disabilities, financial aid, etc. The university does not think the glitch was misused, but have taken the site down in the meantime.

Check out:,1478,3579589a7694,00.html

Posted from my Blackberry, so please forgive the formatting, etc.

Technorati tags: :: :: .

Labels: ,

Monday, November 08, 2004

Fingerprint-protest worker fired (New Zealand Herald) 

The New Zealand Herald is carrying a story about a man who was canned from his job because he refused to use his employer's electronic punch card system that required his fingerprint to clock in and out of work:

New Zealand News - - Fingerprint-protest worker fired:

"David Barnes has forfeited his job at an Auckland printing works rather than become a 'marked commodity' by surrendering his fingerprints to his employer.

'Where does it all end?' he said yesterday of his dismissal as a maintenance engineer for PMP Print in Wiri.

'Ultimately we'll be no more than producers and consumers in an extremely regulated Big Brother society that I don't wish to be part of.'

Mr Barnes, 52, was sacked last month for alleged serious misconduct for refusing to allow his fingerprints to be scanned into a machine for identification when clocking on and off... "

Labels: ,

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs