1 / 31

Privacy Law for Network Administrators

This comprehensive handbook covers key aspects of privacy law for network administrators, including criminal code, public sector and private sector privacy legislation, and sector-specific laws. It explores interception, privacy principles, accountability, consent, exceptions, safeguards, and oversight and enforcement mechanisms. The text provides detailed information on personal information protection, privacy principles interpretation, accountability, notice of purposes, consent, exceptions to consent, limiting collection and use, accuracy, safeguards, openness, access, exceptions to access, challenging compliance, and oversight by the Privacy Commissioner and Federal Court.

duron
Download Presentation

Privacy Law for Network Administrators

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick

  2. Overview • Criminal Code • Public sector privacy legislation • Private sector privacy legislation • Sector-specific legislation

  3. Criminal Code

  4. Interception and seizure of private communications • Prohibitions • Wire-to-wire communications • Wireless (radio-based) communications • Systems manager exception (quality control, unauthorized use, mischief) • Interception (wiretap) warrants • Content • Routing (“envelope”) data • Search and seizure warrants • 3d party production orders

  5. Public sector privacy legislation • Privacy Act • “Personal information” under control of a “government institution” • Provincial legislation

  6. Private sector privacy legislation

  7. PIPEDA Personal Information Protection and Electronic Documents Act

  8. History • EU Directive (1995) • “adequate level of protection” • CSA Model Code (1996) • Phased implementation • Full effect January 1, 2004

  9. Jurisdiction • Commercial activities (federal & provincial) • Employee information (federal only) • Exemptions • Privacy Act • Personal or domestic purposes • “substantially similar” provincial statutes (intra-provincial information only)

  10. Overview • Personal information • Privacy principles • Oversight and enforcement

  11. Personal Information • Definition • “information about an identifiable individual . . . [except] the name, title or business address or telephone number of an employee of an organization” • Intimacy not required • Collection v. generation irrelevant • Anonymity and aggregation

  12. Privacy Principles

  13. Interpretive tools • Schedule (“shall” v. “should”) (s. 5(2)) • Reasonableness (s. 5(3)) • “An organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances.”

  14. The Schedule

  15. Accountability • Designated person • 3d party transfers • Mere processing (contractual protections) • Disclosure (must comply with Act)

  16. Notice of purposes • New purposes

  17. Informed consent • No conditions for non-essential information • e.g. “no SIN, no connection” • Form of consent • Sensitivity of information • Express v. implied • “Opt-in” v. “opt-out” • Withdrawal of consent • Subject to legal and contractual restrictions

  18. Exceptions to consent • Collection • Interests of person and consent can’t be obtained • Investigation of breach of contract or law • Journalistic, artistic, or literary purpose • Publicly available and in regulations • Use • Investigation of breach of law • Health or security emergency • Statistical or scholarly research (restrictions) • Publicly available and in regulations • Collected under ss. 7(1)(a) or (b)

  19. Exceptions to consent con’t • Disclosure • Organization’s lawyer • Debt collection • Court order • Law enforcement and national security (where legal entitlement) • Investigation of breach of contract or law (to or by investigative body) • Health or security emergency • Statistical or scholarly research (restrictions) • Archives • 100 years or 20 years after death • Publicly available and in regulations • Compliance with law

  20. Limiting collection • Only for identified purposes

  21. Limiting use, disclosure and retention • No additional purposes without consent • Retain only for as long as necessary to fulfill purpose for which information collected • Retain long enough to enable access to information used for decision • Guidelines and procedures encouraged, including minimum and maximum retention periods

  22. Accuracy • Accurate, complete, and up-to-date

  23. Safeguards • Loss or theft, unauthorized access, etc. • Measures vary with sensitivity of information • Technological measures (e.g. encryption) • Employee training

  24. Openness • Policies in readily accessible form • Contact information • Means for access to information • General description of types of information held

  25. Access • Confirmation of existence • Right of review • Disclosure of information to third parties (list) • Minimal or no cost • Due diligence and time limits • Amendment and corrections

  26. Exceptions to Access • 3d party information • Solicitor-client privilege • Confidential commercial information • Health or security of 3d party • Compromise legal investigation • Information generated from formal dispute resolution process • Notification of access request to government for law enforcement (government veto)

  27. Challenging compliance • Procedures and notification • Duty to investigate • Appropriate remedies

  28. Oversight and Enforcement

  29. Privacy Commissioner • Complaints • PC’s power to initiate • Investigative powers and mediation • Reports (confidentiality and shaming) • Audits • Education, research, and compliance assistance

  30. Federal Court • Complainant • Privacy Commissioner • Remedies

  31. Provincial Legislation • Non-commercial • Employees in provincial sector • Commissioners’ order-making powers • Jurisdictional issues

More Related