Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

Published byPrudence Walters Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick."— Presentation transcript:

1 Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick

2 Overview Criminal Code Public sector privacy legislation Private sector privacy legislation Sector-specific legislation

3 Criminal Code

4 Interception and seizure of private communications Prohibitions –Wire-to-wire communications –Wireless (radio-based) communications –Systems manager exception (quality control, unauthorized use, mischief) Interception (wiretap) warrants –Content –Routing (“envelope”) data Search and seizure warrants 3d party production orders

5 Public sector privacy legislation Privacy Act –“Personal information” under control of a “government institution” Provincial legislation

6 Private sector privacy legislation

7 PIPEDA Personal Information Protection and Electronic Documents Act

8 History EU Directive (1995) –“adequate level of protection” CSA Model Code (1996) Phased implementation –Full effect January 1, 2004

9 Jurisdiction Commercial activities (federal & provincial) Employee information (federal only) Exemptions –Privacy Act –Personal or domestic purposes –“substantially similar” provincial statutes (intra-provincial information only)

10 Overview Personal information Privacy principles Oversight and enforcement

11 Personal Information Definition –“information about an identifiable individual... [except] the name, title or business address or telephone number of an employee of an organization” Intimacy not required Collection v. generation irrelevant Anonymity and aggregation

12 Privacy Principles

13 Interpretive tools Schedule (“shall” v. “should”) (s. 5(2)) Reasonableness (s. 5(3)) –“An organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances.”

14 The Schedule

15 Accountability Designated person 3d party transfers –Mere processing (contractual protections) –Disclosure (must comply with Act)

16 Notice of purposes New purposes

17 Informed consent No conditions for non-essential information –e.g. “no SIN, no connection” Form of consent –Sensitivity of information –Express v. implied –“Opt-in” v. “opt-out” Withdrawal of consent –Subject to legal and contractual restrictions

18 Exceptions to consent Collection –Interests of person and consent can’t be obtained –Investigation of breach of contract or law –Journalistic, artistic, or literary purpose –Publicly available and in regulations Use –Investigation of breach of law –Health or security emergency –Statistical or scholarly research (restrictions) –Publicly available and in regulations –Collected under ss. 7(1)(a) or (b)

19 Exceptions to consent con’t Disclosure –Organization’s lawyer –Debt collection –Court order –Law enforcement and national security (where legal entitlement) –Investigation of breach of contract or law (to or by investigative body) –Health or security emergency –Statistical or scholarly research (restrictions) –Archives –100 years or 20 years after death –Publicly available and in regulations –Compliance with law

20 Limiting collection Only for identified purposes

21 Limiting use, disclosure and retention No additional purposes without consent Retain only for as long as necessary to fulfill purpose for which information collected Retain long enough to enable access to information used for decision Guidelines and procedures encouraged, including minimum and maximum retention periods

22 Accuracy Accurate, complete, and up-to-date

23 Safeguards Loss or theft, unauthorized access, etc. Measures vary with sensitivity of information Technological measures (e.g. encryption) Employee training

24 Openness Policies in readily accessible form Contact information Means for access to information General description of types of information held

25 Access Confirmation of existence Right of review Disclosure of information to third parties (list) Minimal or no cost Due diligence and time limits Amendment and corrections

26 Exceptions to Access 3d party information Solicitor-client privilege Confidential commercial information Health or security of 3d party Compromise legal investigation Information generated from formal dispute resolution process Notification of access request to government for law enforcement (government veto)

27 Challenging compliance Procedures and notification Duty to investigate Appropriate remedies

28 Oversight and Enforcement

29 Privacy Commissioner Complaints PC’s power to initiate Investigative powers and mediation Reports (confidentiality and shaming) Audits Education, research, and compliance assistance

30 Federal Court Complainant Privacy Commissioner Remedies

31 Provincial Legislation Non-commercial Employees in provincial sector Commissioners’ order-making powers Jurisdictional issues

Download ppt "Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick."

Similar presentations

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Data Protection Information Management / Jody McKenzie.

Data Protection Information Management / Jody McKenzie.
PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.

PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.
The Problem Solvers TM www.singleton.com Privacy Rights: Minors and Parents Michael J. Hewitt Marcel Daigle Singleton Urquhart LLP.

The Problem Solvers TM Privacy Rights: Minors and Parents Michael J. Hewitt Marcel Daigle Singleton Urquhart LLP.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Policing the Internet: Higher Education Law and Policy Rodney Petersen, Policy Analyst Wendy Wigen, Policy Analyst EDUCAUSE.

Policing the Internet: Higher Education Law and Policy Rodney Petersen, Policy Analyst Wendy Wigen, Policy Analyst EDUCAUSE.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Presentation by Mark Grady Vancouver Island University June 13, 2012.

Presentation by Mark Grady Vancouver Island University June 13, 2012.
6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.

6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.
Data Protection and Records Management

Data Protection and Records Management
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.

Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
Internet and Information Technology Law September 18 th – Privacy Law Allyson Whyte Nowak UVIC.

Internet and Information Technology Law September 18 th – Privacy Law Allyson Whyte Nowak UVIC.
PRIVATE SECTOR PRIVACY LEGISLATION The New Private Sector Privacy Regime Presented by Christopher Lee.

PRIVATE SECTOR PRIVACY LEGISLATION The New Private Sector Privacy Regime Presented by Christopher Lee.
A NEW GOVERNANCE PARADIGM: Canadian Privacy Law Developments March 11, 2004 Haliburton, Ontario Canada Volunteerism Initiative Arts Council for Haliburton.

A NEW GOVERNANCE PARADIGM: Canadian Privacy Law Developments March 11, 2004 Haliburton, Ontario Canada Volunteerism Initiative Arts Council for Haliburton.
Anglican Province of Canada Privacy Policy. Commitment to Privacy The Privacy Policy, including the Web Privacy Statement, is the Anglican Province of.

Anglican Province of Canada Privacy Policy. Commitment to Privacy The Privacy Policy, including the Web Privacy Statement, is the Anglican Province of.
Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.
Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)

Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)

Similar presentations

Ads by Google