Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International Conference and Exposition October 24, 2002
Privacy Defined Information Privacy: Data Protection –Choice; control; informational self-determination –Personal control over the collection, use and disclosure of any recorded information about an identifiable individual
The Foundation: Fair Information Practices (FIPS) Accountability Identifying Purposes Consent Limiting Collection Limiting Use, Disclosure, Retention Accuracy Safeguards Openness Individual Access Challenging Compliance
Impetus for Change Growth of Privacy as a Global Issue EU Directive on Data Protection Expanding IT Networks Consumer Backlash
The Impact of Federal Legislation Personal Information Protection and Electronic Document Act (PIPEDA) Staggered implementation: –Federally regulated businesses, 2001 –Federal health sector, 2002 –Provincially regulated private sector, 2004
Why Ontario Legislation? Broader coverage than PIPEDA –Include universities, not-for –profits Special rules for health records –Recognize special relationship between patients and health care providers Employee records will be protected “One-stop shopping” for provincial inquiries
Privacy of Personal Information Act (PPIA) Consultation Draft released in February, 2002 Integrated private sector and health information privacy legislation Extensive consultations since the Spring Introduction ?
Scope of the Draft Ontario Legislation (PPIA) Applies to: Ontario businesses Ontario universities Ontario hospitals, doctors, pharmacies, clinics… Ontario associations (incorporated or not) Ontario partnerships Ontario unions Does not apply to: Individuals acting in a personal, non- commercial capacity Artistic, journalistic or literary exemption
What the Law Will Say Legislation based on fair information practices Consent basis for collection, use and disclosure of personal information Special rules for personal health information Right of access and correction Office of the Information and Privacy Commissioner to oversee legislation
Consent for Marketing Initial Position of Government – “Opt-in” only Canadian Marketing Association, other business groups organize opposition Charitable and Not-for-Profit Sectors strongly opposed opt-in
The Solution Bill will allow for opt-out consent for marketing/fundraising purposes Clear rules for content of opt-out notice and how it is to be exercised Limits on use of opt-out established
Role of the IPC IPC will be the oversight body Power to investigate individual complaints and refusal of access Review of information practices Extensive order-making powers
Role of the IPC (cont’d) Use of mediation to be stressed Order-making power - last resort Conducting public education programs Commenting on an organization’s information practices
Stressing the 3 Cs Consultation –Opening lines of communication with businesses and stakeholders Collaboration –Working together to find solutions Co-operation –Not confrontational when resolving complaints
Preparations Are Starting IPC outreach to business community: Met with key stakeholder associations Retail Council of Canada Canadian Marketing Association Insurance Bureau of Canada Ontario Hospital Association Consumer Council of Canada
for Business, it’s business as usual …for Business, it’s business as usual The world after 9/11 Clear distinction between public safety and business issues – make no mistake NO reduction in consumer expectations Increased value of trusted relationships
Importance of Consumer Trust In the post-9/11 world: –Consumers either as concerned or more concerned about online privacy –Concerns focused on the business use of personal information, not new government surveillance powers If consumers have confidence in a company’s privacy practices, consumers are more likely to: –Increase volume of business with company……....91% –Increase frequency of business……………….…...90% –Recommend to friends and family………….…….89% Harris/Westin Poll, Nov & Feb. 2002
How The Public Divides on Privacy The “Privacy Dynamic” - BattleAlan Westin for the minds of the pragmatists
The Bottom Line Privacy should be viewed as a business issue, not a compliance issue
How to Contact Us Brian Beamish Office of the Information & Privacy Commissioner/Ontario 80 Bloor Street West, Suite 1700 Toronto, Ontario M5S 2V1 Phone: Web: