Privacy Law 101 LEADS Employment Services October 18, 2012 © 2012, Lorin J. MacDonald

Road Map

• What is Privacy?

• What is Personal Information?

• Why Does Privacy Matter?

• Dispelling the Myths

• Why Do We Need Privacy Laws?

• Legislative History

• Privacy Regulation in Other Statutes

• Privacy Legislation

• Privacy Issues in the News

• What Happens If You Fail To Protect Privacy Information?

• Protecting Privacy: Core Concepts

• Privacy Policies: Foundational Principles

• Privacy Officers

• Privacy Law in Real Life

What is Privacy?

• Freedom of choice

• Personal control

• Informational self-determination

Respect for human dignity is at the core of privacy rights

What is Personal Information?

• Any recorded information about an identifiable individual, such as:

• Name

• Address

• Sex

• Age

• Education

• Medical or employment history

• Also includes a great deal of other information that can be linked to that individual, like opinions, habits, and behaviours

Why Does Privacy Matter?

• It matters to business because it matters to consumers

• The business case for privacy focuses on gaining and keeping consumer trust, which helps drive loyalty and repeat business

Dispelling the Myths

Myths relating to privacy in today’s society are rampant:

• Privacy is dead;

• Privacy is obsolete;

• If you connect online, there is no expectation of privacy.

Why Do We Need Privacy Laws?

Most privacy breaches remain undetected

The majority of privacy breaches remain unchallenged, unregulated … and unknown

Examples of privacy measures already in force:

• Biometric encryption

• Facial recognition

• Smart Meters and the Smart Grid

• Wireless communication

• Mobile devices

• Health information

• Digital marketing

• RFIDs

• SmartData

Legislative History

• 1983 – Privacy Act (Federal)

• 1987 – Freedom of Information and Protection of Privacy Act (FIPPA)

• 1989 – Municipal Freedom of Information and Protection of Privacy Act (MFIPPA)

• 2000 – Personal Information Protection and Electronic Documents Act (PIPEDA) (Federal)

• 2004 – Personal Health Information Protection Act (PHIPA)

Privacy Regulation in Other Statutes

• Criminal Code, R.S.C. 1985, c. C-46 – Canada

• Confidentiality – Prohibition on Wiretaps

• Consumer Reporting Act, R.S.O. 1990, c. C.33 – Ontario

• Confidentiality – Requesting Consumer Report

• Employment Standards Act, 2000, S.O. 2000, c. 41 – Ontario

• Physical Privacy – Lie Detector Tests

• Permissible Disclosure – Building Service Providers

Privacy Regulation in Other Statutes

• Income Tax Act, R.S.C. 1985, c. 1 (5th Supp) – Canada

• Confidentiality – Social Insurance Numbers

• Occupational Health and Safety Act, R.S.O. 1990, c. O.1 – Ontario

• Confidentiality – Employee Health Records

• Mandatory Collections (Medical Surveillance Programs)

• Workplace Safety and Insurance Act, 1997, S.O. 1997, c. 16, Sch. A – Ontario

• Employee Access – Board File

Privacy Legislation

• Canadian privacy legislation is framed around Canada’s private and public sectors

• The Information and Privacy Commissioner of Ontario enforces FIPPA, MFIPPA and PHIPA

• Privacy legislation explains:

1. how organizations and public bodies are allowed to collect, use, and disclose your personal information, and

2. how you can request to access and update it

• Requesting access to your personal information is usually provided free or at a minimal cost

• For example, you can request a free credit report from any Canadian credit bureau, i.e., Equifax, TransUnion. If there are errors, you can request the information be corrected

Privacy Issues in the News

• Video surveillance in mass transit systems

• Excessive background checks conducted on prospective jurors

• Social Media, Google Maps

• Britain’s phone-hacking scandal

• Amanda Todd and others – cyber-bullying

• Jones v. Tsige – January 2012, Ontario Court of Appeal recognized a common law tort for invasion of privacy, called “intrusion into seclusion”

And Just Last Saturday …

TD Bank Data: 1,000 Canadians With U.S. Accounts Could Be Affected By Missing Data

What Happens If You Fail to Protect Privacy Information?

• Once privacy has been lost and trust has been broken, organizations can expect to face hard and soft costs associated with:

• Legal liabilities and class action suits;

• Loss of client confidence and trust;

• Weakening of brand and reputation;

• Loss of customers, competitive edge;

• Penalties and fines levied;

• Costs of crisis management, damage control, review and retrofit of information systems, policies and procedures.

• Privacy is an important business issue

• Linked to both risk management and competitive advantage

• Privacy policies and practices can no longer be the end goal – they are the starting point

Protecting Privacy: Core Concepts

1. Consent

2. Accountability

3. Identifying Purposes

4. Collection Limitation

5. Use, Retention, and Disclosure Limitation

6. Accuracy

7. Security

8. Openness

9. Access

10. Compliance

Source: Global Privacy Standard

Privacy Policies: Foundational Principles

1. Proactive, not Reactive: Preventative, not Remedial;

2. Privacy as the Default setting;

3. Privacy Embedded into Design;

4. Full Functionality: Positive-Sum, not Zero-Sum;

5. End-to-End Security: Full Lifecycle Protection;

6. Visibility and Transparency: Keep it Open;

7. Respect for User Privacy: Keep it User-Centric.

Privacy Officers

• A privacy officer in your organization is responsible for ensuring organizational compliance with privacy legislation

• Should have a thorough understanding of which privacy legislation applies to your organization and how it applies

• Understand what privacy legislation applies to your key stakeholders, including your suppliers, service providers, and clients

Privacy Law in Real Life

Privacy Issues

Can an employer ask the following questions?

1. Do you have a criminal record?

2. Do you have any medical illnesses?

• These questions have a potential impact on your privacy and human rights

• An organization under PIPEDA must abide by the principles of the Act, one of which states that the collection of personal information should be limited to what is necessary for the purposes identified

• An organization has no reason to ask about the existence of a criminal record or medical illness unless it has a justifiable reason for doing so

From a human rights perspective, as a general rule, employers in Canada are forbidden to discriminate on certain grounds. These include:

1. Race

2. National or ethnic origin

3. Colour

4. Religion

5. Age

6. Sex or sexual orientation

7. Marital or Family Status

8. Disability

9. Conviction for an offence for which a pardon has been granted

• However, an employer can discriminate on these grounds if there is a “bona fide occupational requirement” – that means that the organization can prove that discrimination is necessary to fulfill the requirements of the position

• The employer has an obligation to prove that the position would be impossible to accommodate without undue hardship

Criminal Records

• If an employer is asking you to declare any criminal offences, they will ask you to list those that have not been pardoned. The reasons are:

1. The criminal record check, if shared directly with the employer, should not contain any pardoned offences

2. An employer cannot discriminate on pardoned offences

• You are not obligated to admit to a criminal record but it is generally better to be honest and upfront with a potential employer

• If you have an unpardoned criminal record, an employer can refuse to hire you depending on certain factors:

• the nature of the offence;

• how long ago it occurred;

• how relevant your offence is to the position; and

• how comfortable the organization feels in hiring you for the position.

Medical Illnesses

• An employer can ask if you have any medical illnesses which may make it impossible for you to fulfill the requirements of the position

• An employer must make every reasonable effort to accommodate someone who falls under the protected grounds of discrimination

Privacy Issues: 2012 and Beyond

• One of the biggest challenges to access and privacy will come from the evolution of information and communications technologies, especially in wireless mobile devices

Privacy and Access = Freedom and Liberty

Questions?

Thank you and keep safe!