
Inside Internal Controls

News and discussion on implementing risk management


privacy legislation

Department of Finance releases consultation paper on new retail payments oversight framework

On July 7, 2017, the Department of Finance issued the consultation paper “A New Retail Payments Oversight Framework” (the “Consultation Paper”) proposing a federal oversight framework for retail payments. Comments on the Consultation Paper are due October 6, 2017.

 


Few “likes” for Facebook forum selection clause: Supreme Court finds “strong cause” to not enforce forum selection clause

When engaging with personal information, consulting local privacy counsel is a must. Privacy legislation varies from province to province and failing to appreciate even slight differences can result in class action claims like in the Douez case. Facebook’s preliminary motion was rejected but the class action has yet to be certified. The opinions of the divided Court in Douez could be used to provide supporting arguments for both sides in a situation where the facts are just slightly different.

 


Defending a lawsuit is not a “commercial activity” under privacy legislation

In a case dating back to 2016 but just recently published, the Office of the Privacy Commissioner of Canada has ruled that the collection and use of a plaintiff’s personal information for the purpose of defending against a civil lawsuit is not a “commercial activity” and, as such, the Personal Information Protection and Electronic Documents Act does not apply.

 


Reasonable expectation of privacy and text messaging

The task of picking up the phone, dialing and anticipating a “hello” on the other end can be daunting for many people. Text messaging, compared to phone calls, has dominated the way we communicate with one another over the years. The abundance of text messages exchanged between people raises an important question with respect to privacy: is there a reasonable expectation of privacy in a text message once it has been sent and received by the intended recipient? The Ontario Court of Appeal recently concluded that there is not, thereby ruling that text messages seized from a recipient’s phone can be used against the sender in court.

 


Canada’s anti-spam legislation – myths and misconceptions

Over the past months, I have been writing, lecturing and advising on Canada’s anti-spam legislation (CASL). In discussing the legislation, I have encountered many myths and misconceptions about CASL and its implications. This is not surprising. The legislation and accompanying regulations create a complex and often confusing regulatory regime that contains more questions than answers.

 


Privacy practices for developing mobile applications (apps)


Privacy practices, and all things mobile, are both hot topics these days. This is in part because mobile devices and apps are fun, cool, provide value, and are on the rise. They are used by professionals of all types, and people of most any age, including our youth. This however feeds the assumption that technology in general, including mobile devices and apps, is threatening the privacy rights of individuals.

 


Three Facebook legal challenges businesses should know about

Over the brief period of Facebook’s existence, the company’s practices have provided a rich source of knowledge for businesses and other organizations that collect and use customers’ information, operate online or generally fall under the Personal Information Protection and Electronic Documents Act (PIPEDA) or other privacy legislation.

 


Destruction of information – do you know your obligations?

Here’s something you might want to know about: the Federal Government has introduced a law to impose stricter obligations with respect to information and security breaches.

 


Amendments to PIPEDA disappoint privacy watchdogs

On May 29, the federal government introduced Bill C-29, the Safeguarding Canadians’ Personal Information Act, which makes substantial changes to the Personal Information Protection and Electronic Documents Act (PIPEDA). The Bill had been in development for several years, and one of its primary objectives was to address a significant gap in PIPEDA, the issue of mandatory disclosure of “material” breaches of personal information by the companies or organizations responsible.

 


Privacy risk management – by design

I’ve discussed the Privacy by Design principle before, in the Inside Internal Control newsletter. In case you don’t know, PbD is an approach developed by Dr. Ann Cavoukian, the Privacy Commissioner of Ontario, which proactively embeds privacy protection by default in the design of an organization’s practices and products.

 


When did privacy become such a huge issue?

I guess you’ve heard about some of the privacy breaches of the past few years. You know, the one where a major Canadian bank faxed personal information on thousands of customers to two random businesses in West Virginia and Quebec, or where the public officials left work laptops or memory keys unattended with unencrypted private data on citizens and they were stolen, and on and on. What’s happening? Why are these accidents popping up so frequently now?

 
