personal information

Three popular articles this week on HRinfodesk

August 15, 2019 Yosie Saint-Cyr, LL.B. Managing Editor Employee Relations, Human Resources, Human Rights, Payroll, Pensions and Benefits, Privacy and Security, Wages and Compensation, 0

The three popular articles this week on HRinfodesk deal with the duty to accommodate family status, rising insured health care and a privacy breach.

compensation, duty to accommodate, personal information, privacy breach

Workplace data theft – Protect your company with best practices

August 8, 2019 Lisa Stam, Spring Law Employee Relations, HR Policies and Procedures, Human Resources, Privacy and Security, 0

The Capital One Data Breach has been big news lately, and for good reason. It’s a big deal. This breach compromised the data of over 100 million Capital One customers. Instead of a shadowy overseas hacker or a creepy crawler from the dark web, the hacker was a former employee of the cloud hosting company through which Capital One stored their data.

Capital One data breach, data governance, data theft, employment law, Personal Health Information Protection Act, personal information, Personal Information Protection and Electronic Documents Act, PHIPA, privacy compliance practices, private data storage

PIPEDA Interpretation Bulletin regarding safeguards

August 6, 2019 Christina Catenacci HR Policies and Procedures, Human Resources, Privacy and Security, Training and Development, 0

The Privacy Commissioner of Canada has an Interpretation Bulletin dealing with privacy safeguards that can serve as helpful guidance for organizations who are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).

collection of personal information, confidentiality of personal information, employment law, personal information, Personal Information Protection and Electronic Documents Act, record keeping, secure disposal of personal information, security safeguards., sensitive information

Is GPS data “personal information?”

July 19, 2019 Devan Marr Employee Relations, HR Policies and Procedures, Human Resources, Privacy and Security, 0

A recent decision by the Alberta Privacy Commissioner has confirmed that in some cases, an organization’s requirement for independent contractors to install GPS tracking devices on their vehicles will not violate applicable privacy legislation but does the data collected may be considered “personal information”.

employment law, GPS data, GPS devices, monitoring employees with GPS tracking, personal information, Personal Information Protection Act

Privacy Commissioner releases guidance document regarding cannabis transactions and privacy protection

March 4, 2019 Christina Catenacci Employee Relations, HR Policies and Procedures, Human Resources, Human Rights, Privacy and Security, Training and Development, 0

The Office of the Privacy Commissioner of Canada recently released a guidance document to help cannabis retailers and purchasers understand privacy rights and obligations under the Personal Information Protection and Electronic Documents Act (PIPEDA).

cannabis, employment law, personal information, Personal Information and Protection of Electronic Data Act, PIPEDA, privacy, technological security measures

Three popular articles this week on HRinfodesk

August 30, 2018 Yosie Saint-Cyr, LL.B. Managing Editor Employee Relations, Employment/Labour Standards, HR Policies and Procedures, Human Resources, Notice, Damages and Settlements, Payroll, Privacy and Security, Wages and Compensation

The three popular articles this week on HRinfodesk deal with a recent Ontario Court of Appeal decision that clarified the limitation period for a wrongful dismissal claim starts as soon as working notice is provided, the Morneau Shepell survey which shows employers in Canada are expecting salaries to increase by an average of 2.6 percent in 2019, and guidelines on obtaining meaningful consent.

Alberta Personal Information Protection Act, British Columbia Personal Information Protection Act, collecting personal information, collection, compensation, consent, employment law, employment standards act, ESA, Jones v Freidman, limitation period for wrongful dismissal, meaningful consent, obtaining consent, personal information, Personal Information Protection and Electronic Documents Act, PIPEDA, privacy, privacy policies, Quebec Act respecting the protection of personal information in the private sector, salary increases, Severance pay, use and disclosure of personal information, wages, wrongful dismissal, wrongful dismissal claim

Privacy Commissioner of Canada provides guidance on inappropriate data practices

June 4, 2018 Christina Catenacci Human Resources, Privacy and Security

The Privacy Commissioner has outlined several “No-Go Zones”, and organizations are recommended to avoid collection, use and disclosure of personal information for these inappropriate purposes.

audio surveillance, collect personal information, collecting data, data breaches, data collection, data disclosure, data practices, data protection, employee screening, employment law, inappropriate data practices, personal information, Personal Information Protection and Electronic Documents Act, PIPEDA, privacy, profiling, social media, surveillance, video surveillance

Discrimination or accommodation?

February 5, 2018 Michele Glassford Human Resources, Human Rights, Recruiting and Hiring

Accessibility legislation in Ontario requires employers to communicate with employees and the public about the availability of accommodation for job applicants with disabilities in both the recruitment process and when making job offers. There is no duty to pro-actively identify an employee’s or candidate’s disability.

accommodation, discrimination, Discrimination or accommodation, employment law, hiring, human rights, personal information, prohibited grounds of discrimination, recruiting

Privacy Commissioner of Canada creates draft guidance document outlining inappropriate data practices and no-go zones

December 6, 2017 Christina Catenacci HR and Technology, HR Policies and Procedures, Human Resources, Privacy and Security, Recruiting and Hiring

On September 28, 2017, the Privacy Commissioner of Canada created a draft guidance document providing clarification on inappropriate data practices, specifically focusing on subsection 5(3) of the Personal Information Protection and Electronic Documents Act (PIPEDA). This provision is entitled, “Appropriate purposes”, and states that, “an organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances”.

access to personal information, Data, disclosure, electronic devices, employment law, no-go zones, personal information, Personal Information and Protection of Electronic Data Act, PIPEDA, Privacy Commissioner of Canada, social media

Proposed privacy breach of security safeguards under PIPEDA

October 4, 2017 Christina Catenacci HR and Technology, HR Policies and Procedures, Human Resources, Privacy and Security

Organizations that have control over an individual’s personal information are recommended to become familiar with the proposed requirements so that they are prepared to respond to the changes.

breach of security safeguards, Data breach, Digital Privacy Act, employment law, personal information, PIPEDA

Principle of accountability under PIPEDA

January 9, 2017 Christina Catenacci Employee Relations, HR Policies and Procedures, Human Resources, Privacy and Security, Training and Development

Under Personal Information Protection and Electronic Documents Act (PIPEDA), there is nothing that prevents organizations from outsourcing the processing of data inside or outside of Canada—however, organizations must take all reasonable steps to protect that information from unauthorized uses and disclosures when it is in the hands of third party processors. This is where accountability, the first principle in PIPEDA, comes in; and there are obligations to meet regarding training staff that are highly relevant.

accountability, employment law, outsourced data, personal information, Personal Information Protection and Electronic Documents Act, PIPEDA, PIPEDA principles, privacy policy, third parties

“Safeguarding” personal information clarified

December 8, 2016 Christina Catenacci Employee Relations, HR and Technology, HR Policies and Procedures, Human Resources, Privacy and Security, Training and Development, Union Relations

You may be wondering, what exactly is “safeguarding” personal information? Thankfully, the Office of the Privacy Commissioner of Canada has clarified how safeguarding can reduce the risk of privacy breaches.

confidentiality of personal information, employment law, personal information, Personal Information Protection and Electronic Documents Act, PIPEDA, privacy policy, safeguarding personal information, safeguards

Privacy Commissioner releases annual report regarding portable storage devices

December 17, 2015 Christina Catenacci Employee Relations, HR Policies and Procedures, Human Resources, Privacy and Security

On December 10, 2015, the Privacy Commissioner of Canada released an annual report to Parliament highlighting a result of an audit of the government’s management of portable storage devices and reported data breaches.

accidental disclosure, Breach notification, corporate governance, Daniel Therrien, Data breach, encryption, Internal Controls, personal information, policies and procedures, portable storage device, Privacy Act, privacy and security risks, Privacy audit, Privacy Commissioner of Canada, reported data breaches, security settings

Lessons from the Saanich spyware fiasco and new privacy laws to be aware of

December 2, 2015 Employer Advisor, McCarthy Tétrault LLP Employee Relations, HR Policies and Procedures, Human Resources, Penalties and Fines, Privacy and Security, Training and Development

In our current information age, security over electronic information and protection against unauthorized access is foundational to employers’ businesses. To guard against endlessly multiplying electronic threats, employers must resort to electronic means and, understandably, often resort to broad and comprehensive software to protect their operations. However, the situation involving the District of Saanich earlier this […]

business’ privacy policies, Digital Act, electronic threats, employee’s consent, employee’s personal information, employment law, guidance from the Privacy Commissioner, implementing IT protections, Office of the Information and Privacy Commissioner, personal information, Privacy breach notification, privacy laws, privacy officer, Saanich spyware complaint

Digital Privacy Act is now law

October 6, 2015 Employer Advisor, McCarthy Tétrault LLP Employee Relations, HR Policies and Procedures, Human Resources, Penalties and Fines, Privacy and Security, Training and Development

The Digital Privacy Act (Bill S-4) passed into law, introducing (among other things) significant fines and mandatory breach notification (not yet in force) into the Personal Information Protection and Electronic Documents Act (PIPEDA).

commercial activities, confidentiality, Digital Privacy Act, mandatory breach notification, personal information, personal information online, Personal Information Protection and Electronic Documents Act, PIPEDA, privacy breach, privacy policies, security safeguards.