First Reference Talks » personal information

Posts Tagged ‘personal information’

Year-end round-up

Tuesday, January 10th, 2012

Like most of you, I’m sure, I was extra busy before Christmas last year, and to top it all off, I got sick and had to leave some things unfinished. So I couldn’t bring you this brief round-up of things that happened in the last three months of 2011, much of which has to do with technology and how employers will use it to interact with employees and customers. But it’s a new year and I’ve recovered from my illness and my holidays, so without further ado…

Read the rest of this post »

Tags: Anti-spam bill, Canadian anti-spam legislation, cloud computing, copyright, Copyright Modernization Act, ECPA, facebook, Facebook comments as evidence, Facebook evidence, FISA, just cause to quit, no reasonable alternative to leaving the employment, online sales, online targeting, online tracking, personal information, Personal Information Protection and Electronic Documents Act, PIPEDA, profiling, public disclosure, social media, social networking, workplace conflict, Workplace Injury Tribunal
Posted in Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »

Proposed privacy changes in British Columbia

Friday, October 14th, 2011

The Freedom of Information and Protection of Privacy Amendment Act, 2011 (Bill 3) was introduced in the British Columbia legislature on October 4, 2011. The Bill aims to facilitate digitization, compiling, sharing and combining of personal data across government ministries (including the Ministry of Labour, Citizens’ Services and Open Government). Individuals would be able to access government services with a secure digital identification card and personal ID number.

Read the rest of this post »

Tags: bill 3, combine personal data across ministries, data linking, digital identification, FOIPP, Freedom of Information and Protection of Privacy Act, Ministry of Labour, open government, personal data, personal information, Privacy Commissioner, privacy concerns
Posted in Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »

Do you offer ‘paperless receipts’?

Monday, October 3rd, 2011

If you do, you should make sure you understand the privacy and personal information implications. CTV reports that some Canadian retailers are now offering their customers an “e-receipt”, which they can receive by email or access at dedicated websites. Sure, it’s a “green” option, and maybe more convenient for customers who want to track their purchases, but it requires the customer to provide an email address, which might allow retailers to “learn a lot about a customer’s preferences and buying habits”.

Read the rest of this post »

Tags: anti-spam law, e-receipt, electronic marketing, FAPP, Finance and Accounting PolicyPro, marketing, paperless receipt, personal information, Personal Information Protection and Electronic Documents Act, PIPEDA, privacy, privacy law, spam
Posted in Internal Controls, IT, Privacy and Security | 2 Comments »

Slaw: Using employee (patient) health information in human resources investigation

Thursday, August 11th, 2011

The Alberta Information and Privacy Commissioner recently confirmed that Alberta Health Services (AHS) breached the rights of one of its employees by intentionally using information from his addiction counselling against him during a human resources investigation. The breach of the employee’s personal health information clearly contravened the Health Information Act (HIA).

Read the rest of this post »

Tags: addiction counselling, Alberta, Alberta Health Services, Data breach, Disability, disclosure of personal information, employment law, health information, human resources investigation, Information and Privacy Commissioner, personal health information, personal information
Posted in Human Resources, Privacy and Security | Make a Comment »

Employer and insurer both breached privacy of employee

Wednesday, June 29th, 2011

The Office of the Information and Privacy Commissioner of Alberta has determined that an employer violated the Personal Information Protection Act and the Freedom of Information and Protection of Privacy Act when it disclosed more information than necessary to determine the employee’s eligibility for disability benefits, and that the group insurance provider used the information without consent.

Read the rest of this post »

Tags: Alberta, Breach of privacy, collecting medical information, consent, Disability benefits, Disclosing medical information, eligibility for disability benefits, employment law, Freedom of Information and Protection of Privacy Act, group insurance, Office of the Information and Privacy Commissioner, oipc, personal information, Personal Information Protection Act, using medical information, workers’ compensation, workplace injury
Posted in Human Resources, Privacy and Security | Make a Comment »

Strengthen personal data security; avoid the Sony experience

Wednesday, May 4th, 2011

Customers and employees entrust their personal information to businesses on a daily basis and expect that these businesses will treat that information with the care and respect it deserves by implementing the proper safeguards to keep it safe. However, just recently…

Read the rest of this post »

Tags: Alberta, British Columbia, class action lawsuit, data breaches, employment law, identity theft, law, lawsuit, Notice, ontario, personal data security, personal information, PlayStation, PlayStation Network, privacy legislation, privacy safeguards, private-sector privacy laws, protect personal information, PSN, Qriocity, Securing Personal Information, Securing Personal Information: A Self-Assessment Tool for Organizations, serious breach of the electronic security, Sony, unauthorized access
Posted in Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »

Facebook: Friend or foe?

Monday, March 14th, 2011

Beware all litigants! Anything you post on Facebook may be used against you in a court of law.

Read the rest of this post »

Tags: Blogging, confidentiality, evidence, facebook, investigation, Judicial system, lawsuit, Myspace, personal information, policy and procedures, social media, twitter
Posted in Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »

First damage award in PIPEDA case

Thursday, February 24th, 2011

Here’s something readers might want to know about: the Federal Court has awarded damages in a case based on the Personal Information Protection and Electronic Documents Act. Why is that special? Well, it’s the first damages award in the 10-year history of the Act.

Read the rest of this post »

Tags: damage award, document recording and retention obligations, document retention policies, employment law, FAPP, Federal Court, Finance and Accounting PolicyPro, Human Resources PolicyPro, information management, Information Technology PolicyPro, ITPP, maintaining accurate information, personal information, Personal Information Protection and Electronic Documents Act, PIPEDA, The Human Resources Advisor
Posted in Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | 2 Comments »

Destruction of information – do you know your obligations?

Thursday, February 10th, 2011

Here’s something you might want to know about: the Federal Government has introduced a law to impose stricter obligations with respect to information and security breaches.

Read the rest of this post »

Tags: Bill C-29, collecting data, data storage, FAPP, Finance and Accounting PolicyPro, personal information, Personal Information Protection and Electronic Documents Act, PIPEDA, privacy and risk management, Privacy Commissioner, privacy legislation, recycling, Safeguarding Canadians' Personal Information Act, security breaches, security gaps
Posted in Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »

Take access to information requests seriously

Friday, January 7th, 2011

I recently read a case coming out of the Alberta Office of the Information and Privacy Commissioner dealing with an access to information request. Though this was a case dealing with a public body, the principle applies to any information request: there was simply no reason to deny the disclosure of information.

Read the rest of this post »

Tags: access to information, Alberta, disclosure, employment law, FIPPA, Freedom of Information and Protection of Privacy Act, information request, Office of the Information and Privacy Commissioner, personal information, trade secrets
Posted in Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »

Most organizations still don’t encrypt data when it leaves the office

Friday, December 17th, 2010

I recently read a news release by the Alberta Office of the Information and Privacy Commissioner that indicated that there are still high incidences of laptops containing personal information being stolen—without having security measures such as encryption put in place. The commissioner was left scratching his head.

Read the rest of this post »

Tags: Alberta, canadian employment law, employment law, encryption, Encryption technology, identity theft, laptops, Office of the Information and Privacy Commissioner, personal information, private sector privacy legislation, protecting personal information, security measures, stolen laptops, technology
Posted in Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »

Toronto Humane Society investigation update

Thursday, September 9th, 2010

We reported earlier this year about the perils of bad governance in the case of the Toronto Humane Society. The non-profit organization faced a raid and subsequent investigation after complaints of serious mistreatment of animals, overcrowding, rampant illness and disease, disgusting workplace conditions and generally poor management. The Ontario Society for the Prevention of Cruelty to Animals removed animals from the premises, confiscated documents, arrested the president and senior management and charged them with animal cruelty and conspiracy to commit an indictable offence, and discharged the board of directors and charged them with “non-criminal” animal cruelty.

Read the rest of this post »

Tags: animal cruelty, Charter of Rights and Freedoms, exposure, governance, investigation, investigations, OSPCA, personal information, risk management, Toronto Humane Society, unreasonable search and seizure, workplace investigation
Posted in Finance and Accounting, Human Resources, Internal Controls, IT, Privacy and Security, Not-for-Profit | Make a Comment »

Customer privacy policies and employee handling of customer personal information

Wednesday, June 23rd, 2010

A weekend Toronto Star article reported that employees at the Canada Revenue Agency are improperly reviewing the private financial affairs of taxpayers. Some are using agency computers to give favoured treatment to colleagues, friends, family—and themselves…

Read the rest of this post »

Tags: Canada Revenue Agency, CRA, customer personal information, disclosure of personal information, employment law, personal information, personal information protection, PIPA, PIPEDA, privacy, privacy and risk management, privacy breach, privacy legislation, privacy policy, privacy rights
Posted in Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »

Amendments to PIPEDA disappoint privacy watchdogs

Thursday, June 17th, 2010

On May 29, the federal government introduced Bill C-29, the Safeguarding Canadians’ Personal Information Act, which makes substantial changes to the Personal Information Protection and Electronic Documents Act (PIPEDA). The Bill had been in development for several years, and one of its primary objectives was to address a significant gap in PIPEDA, the issue of mandatory disclosure of “material” breaches of personal information by the companies or organizations responsible.

Read the rest of this post »

Tags: disclosure of personal information, employee personal information, employment law, Finance and Accounting PolicyPro, Human Resources, information breaches, Information Technology PolicyPro, Janet Lo, Michael Geist, not-for-profit policypro, personal information, personal information protection, Personal Information Protection and Electronic Documents Act, PIPEDA, privacy, privacy breach, privacy legislation, Safeguarding Canadians' Personal Information Act
Posted in Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »

Privacy risk management – by design

Thursday, June 10th, 2010

I’ve discussed the Privacy by Design principle before, in the Inside Internal Control newsletter. In case you don’t know, PbD is an approach developed by Dr. Ann Cavoukian, the Privacy Commissioner of Ontario, which proactively embeds privacy protection by default in the design of an organization’s practices and products.

Read the rest of this post »

Tags: confidentiality, employee personal information, PbD, PbD principles, personal information, privacy, privacy and risk management, privacy by design, Privacy Commissioner, privacy legislation
Posted in Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »