Privacy Law for Network Administrators
Steven Penney, Faculty of Law, University of New Brunswick


Overview
  Criminal Code
  Public sector privacy legislation
  Private sector privacy legislation
  Sector-specific legislation

Criminal Code

Interception and seizure of private communications
  Prohibitions
    – Wire-to-wire communications
    – Wireless (radio-based) communications
    – Systems manager exception (quality control, unauthorized use, mischief)
  Interception (wiretap) warrants
    – Content
    – Routing (“envelope”) data
  Search and seizure warrants
  3d party production orders

Public sector privacy legislation
  Privacy Act
    – “Personal information” under control of a “government institution”
  Provincial legislation

Private sector privacy legislation

PIPEDA Personal Information Protection and Electronic Documents Act

History
  EU Directive (1995)
    – “adequate level of protection”
  CSA Model Code (1996)
  Phased implementation
    – Full effect January 1, 2004

Jurisdiction
  Commercial activities (federal & provincial)
  Employee information (federal only)
  Exemptions
    – Privacy Act
    – Personal or domestic purposes
    – “substantially similar” provincial statutes (intra-provincial information only)

Overview
  Personal information
  Privacy principles
  Oversight and enforcement

Personal Information
  Definition
    – “information about an identifiable individual... [except] the name, title or business address or telephone number of an employee of an organization”
  Intimacy not required
  Collection v. generation irrelevant
  Anonymity and aggregation

Privacy Principles

Interpretive tools
  Schedule (“shall” v. “should”) (s. 5(2))
  Reasonableness (s. 5(3))
    – “An organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances.”

The Schedule

Accountability
  Designated person
  3d party transfers
    – Mere processing (contractual protections)
    – Disclosure (must comply with Act)

Notice of purposes New purposes

Informed consent
  No conditions for non-essential information
    – e.g. “no SIN, no connection”
  Form of consent
    – Sensitivity of information
    – Express v. implied
    – “Opt-in” v. “opt-out”
  Withdrawal of consent
    – Subject to legal and contractual restrictions

Exceptions to consent
  Collection
    – Interests of person and consent can’t be obtained
    – Investigation of breach of contract or law
    – Journalistic, artistic, or literary purpose
    – Publicly available and in regulations
  Use
    – Investigation of breach of law
    – Health or security emergency
    – Statistical or scholarly research (restrictions)
    – Publicly available and in regulations
    – Collected under ss. 7(1)(a) or (b)

Exceptions to consent (cont’d)
  Disclosure
    – Organization’s lawyer
    – Debt collection
    – Court order
    – Law enforcement and national security (where legal entitlement)
    – Investigation of breach of contract or law (to or by investigative body)
    – Health or security emergency
    – Statistical or scholarly research (restrictions)
    – Archives
    – 100 years or 20 years after death
    – Publicly available and in regulations
    – Compliance with law

Limiting collection
  Only for identified purposes

Limiting use, disclosure and retention
  No additional purposes without consent
  Retain only for as long as necessary to fulfill purpose for which information collected
  Retain long enough to enable access to information used for decision
  Guidelines and procedures encouraged, including minimum and maximum retention periods

Accuracy
  Accurate, complete, and up-to-date

Safeguards
  Loss or theft, unauthorized access, etc.
  Measures vary with sensitivity of information
  Technological measures (e.g. encryption)
  Employee training

Openness
  Policies in readily accessible form
  Contact information
  Means for access to information
  General description of types of information held

Access
  Confirmation of existence
  Right of review
  Disclosure of information to third parties (list)
  Minimal or no cost
  Due diligence and time limits
  Amendment and corrections

Exceptions to Access
  3d party information
  Solicitor-client privilege
  Confidential commercial information
  Health or security of 3d party
  Compromise legal investigation
  Information generated from formal dispute resolution process
  Notification of access request to government for law enforcement (government veto)

Challenging compliance
  Procedures and notification
  Duty to investigate
  Appropriate remedies

Oversight and Enforcement

Privacy Commissioner
  Complaints
  PC’s power to initiate
  Investigative powers and mediation
  Reports (confidentiality and shaming)
  Audits
  Education, research, and compliance assistance

Federal Court
  Complainant
  Privacy Commissioner
  Remedies

Provincial Legislation
  Non-commercial
  Employees in provincial sector
  Commissioners’ order-making powers
  Jurisdictional issues