Initial reflections of the privacy commissioner on Ontario’s draft privacy bill Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Toronto.

Slides:



Advertisements
Similar presentations
Office of the Information and Privacy Commissioner, Ontario, Canada
Advertisements

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Wait Times Guarantee Pilot A partnership between Saint Elizabeth Health Care and the Assembly of Manitoba Chiefs.
PHIPA: The Year in Review Moderator: Debra Grant Panelists: Pam Slaughter Eric Holowaty Eric Holowaty Ron Heslegrave Ron Heslegrave PHIPA Summit: A Balancing.
1 Opening the Door: Access to Government Information A primer for Media Students Mohawk College Sept. 18, 2002 Bob Spence Communications Co-ordinator Office.
National Security in a Post-9/11 World: The Rise of Surveillance, … the Demise of Privacy? Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario.
Industrial Relations in Canada Presentation at the Government-to-Government Session and Seminar for an Exchange of Information on Topics of Freedom of.
The Corporate Laws Amendment Bill, B6/2006. © 2006 Deloitte Touche Tohmatsu Corporate Laws Amendment Bill, B6/2006 – 29 May 2006 Introduction Presenting.
Securing North America’s Power Grid Dr. Ann Cavoukian, Ontario information and privacy commissioner Mark Fabro CISSP, CISM, President and Chief Security.
Research and the Health Information Act Rachel Hayward Office of the Information and Privacy Commissioner of Alberta.
Building Privacy into Health Information Technology Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Information Technology.
Complying with Privacy to Enable Innovation & Research
Personal Health Information Protection Act: The Role of the IPC Information & Privacy Commissioner/Ontario Toronto, Ontario October 20, 2004.
Health Information Protection Act An Overview
Information and Privacy Commissioner/Ontario, © 2005 PHIPA Personal Health Information Protection Act Privacy Issues Ann Cavoukian, Ph.D. Information &
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
New Canadian Anti-Spam Legislation Robert Lipson – April 8, 2014.
The Privacy Imperative: Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Bell.
Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.
Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.
Security of Computerized Medical Information: Threats from Authorized Users James G. Anderson, Ph.D. Purdue University.
Internet and Information Technology Law September 18 th – Privacy Law Allyson Whyte Nowak UVIC.
Lecture to Carleton University, Center for European Studies, December 1, 2010.
1 Office of theCommissariat Privacy Commissionerà la protection de of Canadala vie privée du Canada Personal Information Protection and Electronic Documents.
PRIVATE SECTOR PRIVACY LEGISLATION The New Private Sector Privacy Regime Presented by Christopher Lee.
1 Access to Information & Protection of Privacy Information and Privacy Commission, Ontario 2001.
Getting to Privacy A Presentation to: Presented by: Mike Gurski.
A NEW GOVERNANCE PARADIGM: Canadian Privacy Law Developments March 11, 2004 Haliburton, Ontario Canada Volunteerism Initiative Arts Council for Haliburton.
Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.
Class 13 Internet Privacy Law European Privacy.
Using Technology in Nursing Practice: Part 1: Complying with Policy 1.
Name of presenter(s) or subtitle Privacy laws and their impact on research David W. Stark MRIA B.C. Chapter November 2, 2005.
Forgetting, Non-Forgetting and Quasi-Forgetting: Public Policy and Corporate Practice Colin J. Bennett, Adam Molnar and Christopher Parsons Department.
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
Privacy: It’s just good business
Privacy: Do We Need It? Mike Gurski Senior Policy & Technology Advisor Information & Privacy Commission, Ontario Canada JetNet September 25, 2001 Ottawa.
The Privacy Imperative: Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Cambridge.
The Privacy Payoff: Build Your Business By Building Customer Trust Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Coast.
Privacy & Personal Information Prepared by the CBC Law Department CONFIDENTIAL – FALL 2011.
The Privacy Imperative: Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Transcend.
The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.
Getting to the Truth about Privacy & Security Ann Cavoukian Ph.D. Information and Privacy Commissioner/Ontario Privacy & Security: Totally Committed November.
Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario, Canada Privacy by Design: Integrating Technology into Global Privacy Practices Harvard.
Data Protection Act AS Module Heathcote Ch. 12.
Privacy Professional Practice for Computer Science Guest Lecture, 05 March 2007 Philippa Lawson Director, Canadian Internet Policy & Public Interest Clinic.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Health Information Protection Act: A Major Step in Healthcare Privacy Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario St.
PIPEDA and Receivables Management Robin Gould-Soil Receivables Management Association of Canada November 16, 2011.
1 PHIPA Impact on Health Care Practitioners Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario University of St. Michaels College Barbara.
BC Public Libraries November, 2008 Privacy Principles.
Ontario’s New Health Information Protection Act: The Wait is Over Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Emergis.
Dispensary and Administration Site Information Presentation.
Personal Health Information Protection Act: The Role of the IPC Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario OCA/CMCC.
Go Beyond Compliance to Competitive Advantage: Make Privacy Pay Off Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario IFB Toronto.
1 Canadian Privacy Policy: Customizing E.U. Standards Remarks by Jennifer Stoddart Privacy Commissioner of Canada Privacy Symposium: Summer 2007 August.
The EU and Access to Environmental Information Unit D4 European Commission, Directorate General for the Environment 1.
Health Information Protection Act: A Major Step Forward in Healthcare Privacy Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario.
Special Meeting on Procedures for Information Exchange November 7, 2007 Geneva Session 1 Anne Meininger United States USA WTO TBT Enquiry Point.
Data protection—training materials [Name and details of speaker]
Sharing Information Legally Lindsay Ould London Borough of Lewisham.
The Health Information Protection Act. What is the Health Information Protection Act (HIPA)? HIPA is legislation that speaks to access to, and protection.
Health Information Protection Act An Overview
Data Protection Officer’s Overview of the GDPR
Wait Times Guarantee Pilot
Barbara Hendrickson BAX SECURITIES LAW June 1st, 2018
The Electric Reliability Organization: Getting from here to there.
Data transfers to non-EU countries under the new GDPR
On the Cutting Edge – Update on Privacy Legislation
Reflections on PIPEDA and the Future of Privacy Law in Canada
Presentation transcript:

Initial reflections of the privacy commissioner on Ontario’s draft privacy bill Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Toronto Board of Trade February 19, 2002

Background to the Bill European Union  Directive on Data Protection Canadian Standards Association:  Model Code for the Protection of Personal Information Government of Canada  Personal Information Protection and Electronic Documents Act Government of Ontario  Privacy of Personal Information Act, 2002

Privacy of Personal Information Act, 2002  Integrated health & private sector privacy protection  Guide to Ontario’s Consultation on Privacy Protection   Privacy of Personal Information Act, 2002   Consultation period  Ends March 8, 2002

Scope of the Draft Bill  Bill applies to:  Ontario businesses  Ontario universities  Ontario hospitals, doctors, pharmacies, clinics…  Ontario associations (incorporated or not)  Ontario partnerships  Ontario unions  Does not apply to:  Individuals acting in a personal and non-commercial capacity  Artistic, journalistic or literary exemption

Ontario Draft Bill  Things we like: Made in Ontario response to PIPEDA Scope of Bill extends beyond business sector Based on CSA Fair Information Practices Single oversight body for both public and private sector privacy Dramatic improvements to health component from earlier Bill 159

Striking the Right Balance?  The government is working to find the appropriate privacy balance, But…  Concerns about the Bill:  Permitted uses without consent  Extensive use of Regulations  Lack of full investigation powers

Simplify the Draft Bill  Complex drafting  Inconsistencies  Redundancies  Duplication

Complex and Confusing Personal Information Personal Health Information Organizations (non-health) Health Information Custodians

Definition of Personal Information  Personal Information– covered  Personal Health Information– covered  Business Information– not covered  Professional Information– not covered

Exemptions to Consent  Exemptions should be very limited regarding the collection, use and disclosure without consent:  Minimize exemptions  Notice requirements  If exemptions exist for use or disclosure without consent, notice should be provided

Procedures for Access  Different procedures for accessing personal information vs. personal health information  Will create confusion, without adequate justification for doing so  Duplication between two access schemes completely unnecessary

Use of Regulations  Use of Regulations too broad:  Section 80(1)(g) enables specific organizations or classes of organizations, to be pulled outside of the scope of the legislation without any public consultation or accountability.  Section 80(1)(n) permits the government, without public consultation or accountability, to exempt organizations from acting in conformity with their information practices.

Commissioner’s Powers  Lack of full investigation powers  No power to compel witnesses to testify (risk of another POSO debacle)  Privacy oversight bodies in virtually every other jurisdiction with similar legislation have the power to require testimony, including: Canada (federal), Alberta, Saskatchewan, Manitoba, Quebec, Australia and New Zealand.

Other issues to consider  Consent  Express  Implied  Opt-in / Opt-out?  Notice  Sufficient?  Harmonization with PIPEDA

EU Response to PPIA?  EU Adequacy Decision  “Canada is considered as providing an adequate level of protection for personal data transferred from the Community to recipients subject to the Personal Information Protection and Electronic Documents Act.”  But…  “This Decision may be amended at any time in the light of experience with its functioning or of changes in Canadian legislation, including measures recognizing that a Canadian province has substantially similar legislation.”

The IPC & PPIA, 2002  Cooperation and mediation, not confrontation  IPC has a long history of working collaboratively with the public and private sectors  Learn from the experience of jurisdictions with private sector privacy laws:  “We have never seen a business plan that could not be operated within the [data privacy] legislation.” Elizabeth France, UK Commissioner  Will produce guidelines for businesses and public outlining responsibilities and expectations

The Value of Privacy “Complying with privacy regulations can be considered just a business cost, but many companies understand that a reputation for guarding privacy can also be a selling point. They need to be stewards, to the extent they can gain a competitive advantage from privacy.” Ken DeJarnette, Deloitte & Touche

How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario 80 Bloor St. W., Suite 1700, Toronto, M5S 2V1 Phone: (416) Web:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.