Published by Elisabeth Andrews. Modified over 9 years ago.
1
Initial reflections of the privacy commissioner on Ontario’s draft privacy bill
Ann Cavoukian, Ph.D.
Information and Privacy Commissioner/Ontario
Toronto Board of Trade
February 19, 2002
2
Background to the Bill
  European Union Directive on Data Protection
  Canadian Standards Association: Model Code for the Protection of Personal Information
  Government of Canada Personal Information Protection and Electronic Documents Act
  Government of Ontario Privacy of Personal Information Act, 2002
3
Privacy of Personal Information Act, 2002
  Integrated health & private sector privacy protection
  Guide to Ontario’s Consultation on Privacy Protection: www.cbs.gov.on.ca/mcbs/english/56Y2QL.htm
  Privacy of Personal Information Act, 2002: www.cbs.gov.on.ca/mcbs/english/56Y2UJ.htm
  Consultation period ends March 8, 2002
4
Scope of the Draft Bill
  Bill applies to:
    Ontario businesses
    Ontario universities
    Ontario hospitals, doctors, pharmacies, clinics…
    Ontario associations (incorporated or not)
    Ontario partnerships
    Ontario unions
  Does not apply to:
    Individuals acting in a personal and non-commercial capacity
    Artistic, journalistic or literary exemption
5
Ontario Draft Bill
  Things we like:
    Made in Ontario response to PIPEDA
    Scope of Bill extends beyond business sector
    Based on CSA Fair Information Practices
    Single oversight body for both public and private sector privacy
    Dramatic improvements to health component from earlier Bill 159
6
Striking the Right Balance?
  The government is working to find the appropriate privacy balance, but…
  Concerns about the Bill:
    Permitted uses without consent
    Extensive use of Regulations
    Lack of full investigation powers
7
Simplify the Draft Bill
  Complex drafting
  Inconsistencies
  Redundancies
  Duplication
8
Complex and Confusing
  Personal Information
  Personal Health Information
  Organizations (non-health)
  Health Information Custodians
9
Definition of Personal Information
  Personal Information – covered
  Personal Health Information – covered
  Business Information – not covered
  Professional Information – not covered
10
Exemptions to Consent
  Exemptions should be very limited regarding the collection, use and disclosure without consent:
    Minimize exemptions
    Notice requirements
      If exemptions exist for use or disclosure without consent, notice should be provided
11
Procedures for Access
  Different procedures for accessing personal information vs. personal health information
  Will create confusion, without adequate justification for doing so
  Duplication between two access schemes completely unnecessary
12
Use of Regulations
  Use of Regulations too broad:
    Section 80(1)(g) enables specific organizations, or classes of organizations, to be pulled outside of the scope of the legislation without any public consultation or accountability.
    Section 80(1)(n) permits the government, without public consultation or accountability, to exempt organizations from acting in conformity with their information practices.
13
Commissioner’s Powers
  Lack of full investigation powers
  No power to compel witnesses to testify (risk of another POSO debacle)
  Privacy oversight bodies in virtually every other jurisdiction with similar legislation have the power to require testimony, including: Canada (federal), Alberta, Saskatchewan, Manitoba, Quebec, Australia and New Zealand.
14
Other issues to consider
  Consent
    Express
    Implied
    Opt-in / Opt-out?
  Notice
    Sufficient?
  Harmonization with PIPEDA
15
EU Response to PPIA?
  EU Adequacy Decision
    “Canada is considered as providing an adequate level of protection for personal data transferred from the Community to recipients subject to the Personal Information Protection and Electronic Documents Act.”
  But…
    “This Decision may be amended at any time in the light of experience with its functioning or of changes in Canadian legislation, including measures recognizing that a Canadian province has substantially similar legislation.”
16
The IPC & PPIA, 2002
  Cooperation and mediation, not confrontation
  IPC has a long history of working collaboratively with the public and private sectors
  Learn from the experience of jurisdictions with private sector privacy laws:
    “We have never seen a business plan that could not be operated within the [data privacy] legislation.”
    Elizabeth France, UK Commissioner
  Will produce guidelines for businesses and public outlining responsibilities and expectations
17
The Value of Privacy
  “Complying with privacy regulations can be considered just a business cost, but many companies understand that a reputation for guarding privacy can also be a selling point. They need to be stewards, to the extent they can gain a competitive advantage from privacy.”
  Ken DeJarnette, Deloitte & Touche
18
How to Contact Us
  Ann Cavoukian, Ph.D.
  Information & Privacy Commissioner/Ontario
  80 Bloor St. W., Suite 1700, Toronto, M5S 2V1
  Phone: (416) 326-3333
  Web: www.ipc.on.ca
  E-mail: commissioner@ipc.on.ca