The recent loss of a Canadian government hard drive containing personal information of receivers of student loans and the ensuing class action lawsuit are a stark reminder of how easy it is to be exposed to the pitfalls of data security breaches. In this day and age, when company data is stored on small, mobile devices, all it takes is an absent-minded employee leaving their USB key or smartphone on the subway.
Last week, Alison J. Bird wrote for the First Reference Talks blog about the R. v. Cole case, involving a high school teacher who had kept photos of a naked, underage student on his work computer. In the several days since, there has been a flurry of news stories calling attention to the privacy boundaries employees can expect regarding work-licensed technology.
The privacy commissioners of Canada, Alberta and British Columbia have developed a guide to help organizations implement an effective privacy management program that meets private-sector privacy legislation and to provide consistent direction on what it means to be an accountable organization when dealing with individuals’ personal information…
The Ontario Court of Appeal decision in Jones v. Tsige deals with a novel claim, one for damages for invasion of personal privacy. This decision has garnered a great deal of comment in the popular press in the time since its release. Is the decision as radical as some writers have suggested? What are the implications for privacy rights in Ontario, and, in particular, the conduct of employers and employees?
The Alberta Information and Privacy Commissioner recently confirmed that Alberta Health Services (AHS) breached the rights of one of its employees by intentionally using information from his addiction counselling against him during a human resources investigation. The breach of the employee’s personal health information clearly contravened the Health Information Act (HIA).
Here’s something readers might want to know about: the Federal Court has awarded damages in a case based on the Personal Information Protection and Electronic Documents Act. Why is that special? Well, it’s the first damages award in the 10-year history of the Act.
I recently read a case coming out of the Alberta Office of the Information and Privacy Commissioner dealing with an access to information request. Though this was a case dealing with a public body, the principle applies to any information request: there was simply no reason to deny the disclosure of information.
I recently read a news release by the Alberta Office of the Information and Privacy Commissioner that indicated that there are still high incidences of laptops containing personal information being stolen—without having security measures such as encryption put in place. The commissioner was left scratching his head.
A weekend Toronto Star article reported that employees at the Canada Revenue Agency are improperly reviewing the private financial affairs of taxpayers. Some are using agency computers to give favoured treatment to colleagues, friends, family—and themselves…
I’ve discussed the Privacy by Design principle before, in the Inside Internal Control newsletter. In case you don’t know, PbD is an approach developed by Dr. Ann Cavoukian, the Privacy Commissioner of Ontario, which proactively embeds privacy protection by default in the design of an organization’s practices and products.