1
Canadian Privacy Policy: Customizing E.U. Standards
Remarks by Jennifer Stoddart
Privacy Commissioner of Canada
Privacy Symposium: Summer 2007
August 23, 2007
2
Personal Information Regulation in Canada
• Fair information/OECD principles became law: Personal Information Protection and Electronic Documents Act (PIPEDA), 2000
• Civil and common law
3
Characteristics
• Adequate for E.U.
• Applies to all handling of personal information by federally regulated commercial entities in Canada affecting Canadians
• Applies outside of Canada if personal information outsourced for processing, other uses (Abika case)
4
Characteristics
• Unlike E.U. in:
– No registration of databases
– No prior approval for export of personal information
– No restrictions on whistle blowing legislation
5
Characteristics
• Enforcement through multi-functional approach
• Federally
– Ombudsman (Agent of Parliament)
– Investigate complaints
– Mediation
– Audits
– Education
– Outreach
– Federal court litigation (damages)
• Substantially similar provinces
– Tribunals (no damages)
6
Substantially Similar Principle
• Quebec (1994)
• Alberta (2004)
• B.C. (2004)
• Ontario (Health, 2004)
7
Substantially Similar Provinces
• PIPEDA applies when:
– Organization handling personal information is federally regulated, e.g., banks, airlines
– Sending personal information from Canada elsewhere or across provincial borders
– Federally regulated employee information
8
Criteria
• Appropriate consent for collection/use/disclosure
• Opt-in (express) – sensitive
• Opt-out (implied) – reasonable test
9
When You Export Personal Information…
• Exporting personal information outside Canada
• PATRIOT Act Concerns
• Finding #313 (CIBC VISA)
• Finding #365 (SWIFT)
10
When You Use Personal Information…
• Direct marketing practices
– Finding #308 (Inserts)
– Finding #297 (e-mails)
– Finding #271 (Solicitations)
11
When Your Entity Markets in Canada…
• Can be situated outside Canada
• Abika case
• TJX case and federal/provincial enforcement
12
Security
• PIPEDA includes security principle in section 7
• Data Breach Guidelines
• Recommend mandatory notification in law
13
International Co-operation in Enforcement
• OPC with FTC and others
• OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy, 2007
14
PIPEDA Enforcement: 2006
• 26% of complaints settled
• 26 letters of recommendation (e.g. financial institutions, insurance companies, law firms, real estate firms)
• 2 audits, e.g., Equifax
• No OPC initiated actions in Federal Court
15
Conclusion
• Flexible compliance approach
• Same standards as E.U.
• Extra-territorial reach
• International enforcement framework
16
29th International Data Protection and Privacy Commissioners Conference
www.privacyconference2007.gc.ca
www.conferencevieprivee2007.gc.ca