McCarthy Tétrault McCarthy Tétrault LLP An Act respecting the protection of personal information in the private sector (Quebec): « Particularities of the.

Slides:



Advertisements
Similar presentations
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Advertisements

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
AN OVERVIEW OF DATA PROTECTION LAW IN THE GCC NICK OCONNELL, Senior Associate – TMT JUNE 2013.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
US Constitution and Right to Privacy Generally only protects against government action Doesn’t obligate government to do something, but rather to refrain.
PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.
The Data Protection (Jersey) Law 2005.
Privacy and the Right to Know Grayson Barber, Esq. Grayson Barber, LLC.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Data Protection and Records Management
1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;
Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Information Privacy Policy in Canada Presented By: Sue Wu.
Personal Data (Privacy) Ordinance Hong Kong Personal Data (Privacy) Ordinance Hong Kong by Stephen Lau Privacy Commissioner for Personal Data Hong Kong.
Data Protection Overview
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Data Protection for Church of Scotland Congregations
Marketing - Best Practice from a Legal Point of View Yvonne Cunnane - Information Technology Law Group 30 November 2006.
Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.
LAW SEMINARS INTERNATIONAL New Developments in Internet Marketing & Selling November 13 & 14, 2006 San Francisco, California Moderator : Maureen A. Young.
Overview of Engagement – Under the terms of this engagement, the Advisor will provide advice in the areas checked below. Investment Management – Develop.
Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215)
6th CACR Information Security Workshop 1st Annual Privacy and Security Workshop (November 10, 2000) Incorporating Privacy into the Security Domain: Issues.
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
1 Freedom of Information (Scotland) Act 2002 A strategic view.
The Data Protection Act 1998 The Eight Principles.
E-COMMERCE AND PRIVACY LAWS IN THE UAE Rindala Beydoun Senior Legal Counsel Al Tamimi & Company.
Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.
Data Protection Act AS Module Heathcote Ch. 12.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Microsoft’s Commitment to Privacy Principles and practices concerning government access to enterprise customer data April 2,
The right item, right place, right time. DLA Privacy Act Code of Fair Information Principles.
Data Protection and Records Management. Key Responsibilities - Record Management Keep Information Accurate Disclose only if compatible with purpose for.
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
Privacy and Disclosure Privacy and the Scope of Documentary Disclosure in Proceedings Involving School Boards Bruce Hutchison Genest Murray LLP Toronto.
TRADE SECRETS Presented By Joseph A. Calvaruso Orrick, Herrington & Sutcliffe LLP 1 © AIPLA 2012.
IT Applications Theory Slideshows By Mark Kelly Vceit.com Privacy Laws.
Malcolm Crompton APEC Information Privacy Framework: review, impact, & progress APEC Symposium on Information Privacy Protection in E Government & E Commerce.
Digital Banking and Data Protection Achieving balance of compliance with customer experience and opportunity 30 September 2015 Paula Barrett Partner.
Data Protection - Rights & Responsibilities Information Commissioner’s Office Orkney Practice Forum 4 th July 2007.
Risky business legal tips for safe selling online Internet World Nigel Miller Partner, Fox Williams LLP 1 May 2008.
1 Privacy Lessons from Other Industries Chris Zoladz, CIPP, Vice President, Information Protection Marriott International, President, International Association.
APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.
Privacy Issues - Watch Out! John D.R. Craig ORIMS Professional Development Day March 19, 2013.
Data protection—training materials [Name and details of speaker]
Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.
Protection of Personal Information Act An Analysis on the impact.
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
Data Protection Officer’s Overview of the GDPR
Privacy principles Individual written policies
Data Protection Legislation
PERSONAL DATA PROTECTION ACT 2010
Data Protection & Freedom of Information- An Introduction
General Data Protection Regulation
G.D.P.R General Data Protection Regulations
Current Privacy Issues That May Affect Your Credit Union
General Data Protection Regulation
Data Protection principles
Preparing for the GDPR - What do we need to do if we process children’s personal data? Data Protection Practitioners’ Conference 2018 #DPPC2018.
GDPR - New Data Protection Regulation
General Data Protection Regulations 2018
On the Cutting Edge – Update on Privacy Legislation
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
IAPP TRUSTe SYMPOSIUM 9-11 JUNE 2004
Presentation transcript:

McCarthy Tétrault McCarthy Tétrault LLP An Act respecting the protection of personal information in the private sector (Quebec): « Particularities of the Quebec privacy regime » and « Lessons learned » Charles Morgan June 19, 2003

McCarthy Tétrault McCarthy Tétrault LLP A. Particularities of the Quebec privacy regime

McCarthy Tétrault LLP 1.Not stand alone: »Statutory privacy regime buttressed by C.C.Q. and by Charter of the Human Rights and Freedoms

McCarthy Tétrault LLP 2. Not a code: »Principles are not neatly listed (e.g., 1-10); but principal fair information principles are in the law: a) identifying purposes b) limited collection c) limiting use, disclosure and retention d) accuracy e) safeguards f) access and rectification

McCarthy Tétrault LLP 3. Collection: »Is organized by « file »: each file has an object / purpose. »Informational obligation relates not just the « object of the file », but also a description of the use which will be made of the information, the categories of persons who will have access to it within the enterprise, the place where the file will be kept and the rights of access and rectification.

McCarthy Tétrault LLP 4. Use: »The Quebec Privacy Act establishes special treatment for the use of « nominative lists » (i.e. lists of names, addresses or telephone numbers of natural persons: may use nominative lists for purpose of commercial or philathopic prospection, without consent; but, must provide « opt out » option.

McCarthy Tétrault LLP 5. Communication: »Every person carrying on an enterprise in Québec who communicates, outside Québec, information relating to persons residing in Québec must take « all reasonable steps » to ensure that the information will not be used for purposes not relevant to the object of the file or communicated to third persons without the consent of the person concerned.

McCarthy Tétrault LLP 6. Access and rectification: »The person holding a file that is the subject of a request for access by the person concerned must respond within 30 days. »C.C.Q.: notice of rectification must be given without delay to every person having received the information in the preceding six months.

McCarthy Tétrault LLP 7. Consent: »Must be « manifest, free and enlightened ». »No specific treatment of « sensitive » personal information.

McCarthy Tétrault McCarthy Tétrault LLP B. Lessons learned

McCarthy Tétrault LLP 1. Privacy is important »Employees and customers are critically important to all businesses... especially yours. »So is their privacy and the integrity of their personal information. »If a business fails to respect this bond of privacy respect/integrity, it’s image and integrity are imperilled. »For businesses that deal with consumers, any standard form approach which fails to respect this bond and privacy law obligations is a short road to terribly adverse publicity, potential class actions and punitive damages.

McCarthy Tétrault LLP 2. Identifying purposes »Don’t underestimate the time required to identify personal information held on file and the problems of dealing with existing personal information (e.g., no grandfathering). »Make sure you define the purpose for collecting/using/disclosing personal information with language which is relevant to the whole ongoing relationship with the concerned individual, i.e. pre-employment through termination and references, as an example. The same principle applies to drafting consent language.

McCarthy Tétrault LLP 3. Consent »Get the consent at the beginning of the relationship with the individual. »Make sure your consents allow you to disclose personal information in the context of commercial transactions, even due diligence. »Make sure consents are enforceable (e.g., online data collection).

McCarthy Tétrault LLP 4. Communication »Don’t forget that each company in a corporate group is a separate legal person... a third party for purpose transfer/disclosure/use of personal information. »Make sure to include appropriate contractual safeguards when communicating personal information to third parties. »Consider the effect of multiple (overlapping) jurisdictions whenever communicating personal information to third parties.

McCarthy Tétrault McCarthy Tétrault LLP Thank you

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.