Privacy Issues - Watch Out!
John D.R. CraigORIMS Professional Development Day
March 19, 2013
2
The Issue
• Privacy is one of the most important developing legal issues
• Do we still have any Privacy? Are we entitled to expect any Privacy?
The Issue
• Regulation of Privacy is a mixed bag
– Information privacy legislation (PIPEDA)– Statutory privacy tort legislation (not in
Ontario)– Emerging common law privacy tort– Human Rights Code (anti-discrimination)
3
The Issue
• What is Privacy?– “Right to be left alone”– Private interests: informational, corporeal,
territorial, temporal– Reasonableness – Consent
4
The Issue
• Leading Privacy Issues– Surveillance– Background checks (criminal, credit, etc.)– Drug and alcohol testing– Medical information– Searches– Misuse of email/internet/social media– Cross-border transfer of information
5
The Issue
• Sources of Liability
– Direct liability for policies or actions taken
– Vicarious liability for the actions of employees
6
7
PIPEDA
• Information Privacy legislation exists federally and in BC, AB and QB
• PIPEDA is the federal law applicable to Ontario’s private sector:– “Commercial activities” are regulated:
purpose of making a profit– No application to provincially regulated
employment per se
8
PIPEDA
• Key Privacy principles:
– Consent– Limiting Collection– Limiting Use, Disclosure, and Retention– Safeguards– Accuracy
9
Enforcing PIPEDA
• Privacy Commissioner of Canada– Complaint– Investigation– Directives
• Federal Court– PCC can apply to the Court to convert directive
into an order– Trial de novo
PIPEDA Cases in the Federal Court
• The Federal Court has often been the voice of reason:
– Eastmond v. Canadian Pacific Railway (2004)
– Turner v. TELUS (2005)
– State Farm (2010)
Tort of Invasion of Privacy
• The Privacy tort has now arrived in Ontario:
– Somwar v. McDonald’s Restaurants (2006)
– Jones v. Tsige (2012)
11
12
Tort of Invasion of Privacy
• Implications
– A new and additional source of Privacy liability
– Applies to provincially regulated employment– High test should provide some comfort
Social Media – The New Frontier
• Privacy in Social Media – Is there any?
• A new source of risk that is difficult to regulate and control – examples:– Mocking customers– Criticizing managers– Posting private or confidential information
13
Social Media – The New Frontier
• Use of Social Media in hiring – beware
– Personal information may be irrelevant to hiring decisions
– Exposure to potential discrimination claims
15
Best Practices – Managing Risks
• Implement and enforce policies and practices on:
–Respect for Privacy principles in PIPEDA (e.g. Consent, Non-Disclosure, Access) –Personal use of electronic systems–Social media posting–Ethics in dealing with colleagues and customers
16
Best Practices – Managing Risks
• Be transparent about policies and practices with respect to collection, storage and use of personal information
• Conduct periodic training on personal information policies and practices
Best Practices – Managing Risks
• Catalogue the personal information collected and stored on systems (i.e. know what you have)
• Conduct periodic audits of compliance with Privacy principles
17
18
Best Practices – Managing Risk
• Keep up to date on developments in Privacy law, emerging Privacy issues, and best practices
– Heenan Blaikie sources include:• AccessPrivacy.ca• HeenanBlaikie.com/en/Expertise/Privacy-and-
Information-Management
Conclusion
THANK YOU!
19
Top Related