Under Personal Information Protection and Electronic Documents Act (PIPEDA), there is nothing that prevents organizations from outsourcing the processing of data inside or outside of Canada—however, organizations must take all reasonable steps to protect that information from unauthorized uses and disclosures when it is in the hands of third party processors. This is where accountability, the first principle in PIPEDA, comes in; and there are obligations to meet regarding training staff that are highly relevant.
You may be wondering, what exactly is “safeguarding” personal information? Thankfully, the Office of the Privacy Commissioner of Canada has clarified how safeguarding can reduce the risk of privacy breaches.
On December 10, 2015, the Privacy Commissioner of Canada released an annual report to Parliament highlighting a result of an audit of the government’s management of portable storage devices and reported data breaches.
The Digital Privacy Act (Bill S-4) passed into law, introducing (among other things) significant fines and mandatory breach notification (not yet in force) into the Personal Information Protection and Electronic Documents Act (PIPEDA).
The human rights landscape in Canada is shifting and society’s view of which personal characteristics deserve protection has changed dramatically. This is the result, in part, of technological advance. New technologies can offer great economic benefit but can simultaneously expose individuals to new forms of discrimination.
The names of people involved in labour arbitration should be disclosed with the arbitrator’s decisions, unless there are compelling reasons not to do so, according to the open-court principle and the public’s interest. The British Columbia Labour Relations Board affirmed the law in a recent review of an arbitrator’s decision. The board also affirmed arbitrators’ […]
Canada will see its first class action lawsuit based on the new tort of invading another’s privacy, after a Bank of Nova Scotia employee leaked customers’ personal information to his girlfriend for personal gain. At least 138 customers were subsequently defrauded. Ontario’s Superior Court accepted that the employer was vicariously liable for the employee’s actions […]
Three of the most popular articles this week on HRinfodesk deal with employment standards proactive inspections; disclosure under privacy law; and severance entitlements.
Employers are increasingly drafting and implementing bring-your-own-device (BYOD) policies for their employees. And they should be, since employees are increasingly using their personal digital devices—phones, tablets, laptops—to perform work, both in and out of the workplace. But employees may have trouble trusting their employers to stay out of their personal information…
The recent loss of a Canadian government hard drive containing personal information of receivers of student loans and the ensuing class action lawsuit are a stark reminder of how easy it is to be exposed to the pitfalls of data security breaches. In this day and age, when company data is stored on small, mobile devices, all it takes is an absent-minded employee leaving their USB key or smarthpone on the subway.
Last week, Alison J. Bird wrote for the First Reference Talks blog about the R. v. Cole case, involving a high school teacher who had kept photos of a naked, underage student on his work computer. In the several days, there have been a flurry of news stories calling attention to privacy boundaries employees can expect regarding work-licensed technology.