Presentation is loading. Please wait.

Presentation is loading. Please wait.

Initial reflections of the privacy commissioner on Ontario’s draft privacy bill Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Toronto.

Similar presentations


Presentation on theme: "Initial reflections of the privacy commissioner on Ontario’s draft privacy bill Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Toronto."— Presentation transcript:

1 Initial reflections of the privacy commissioner on Ontario’s draft privacy bill Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Toronto Board of Trade February 19, 2002

2 Background to the Bill European Union  Directive on Data Protection Canadian Standards Association:  Model Code for the Protection of Personal Information Government of Canada  Personal Information Protection and Electronic Documents Act Government of Ontario  Privacy of Personal Information Act, 2002

3 Privacy of Personal Information Act, 2002  Integrated health & private sector privacy protection  Guide to Ontario’s Consultation on Privacy Protection  www.cbs.gov.on.ca/mcbs/english/56Y2QL.htm www.cbs.gov.on.ca/mcbs/english/56Y2QL.htm  Privacy of Personal Information Act, 2002  www.cbs.gov.on.ca/mcbs/english/56Y2UJ.htm www.cbs.gov.on.ca/mcbs/english/56Y2UJ.htm  Consultation period  Ends March 8, 2002

4 Scope of the Draft Bill  Bill applies to:  Ontario businesses  Ontario universities  Ontario hospitals, doctors, pharmacies, clinics…  Ontario associations (incorporated or not)  Ontario partnerships  Ontario unions  Does not apply to:  Individuals acting in a personal and non-commercial capacity  Artistic, journalistic or literary exemption

5 Ontario Draft Bill  Things we like: Made in Ontario response to PIPEDA Scope of Bill extends beyond business sector Based on CSA Fair Information Practices Single oversight body for both public and private sector privacy Dramatic improvements to health component from earlier Bill 159

6 Striking the Right Balance?  The government is working to find the appropriate privacy balance, But…  Concerns about the Bill:  Permitted uses without consent  Extensive use of Regulations  Lack of full investigation powers

7 Simplify the Draft Bill  Complex drafting  Inconsistencies  Redundancies  Duplication

8 Complex and Confusing Personal Information Personal Health Information Organizations (non-health) Health Information Custodians

9 Definition of Personal Information  Personal Information– covered  Personal Health Information– covered  Business Information– not covered  Professional Information– not covered

10 Exemptions to Consent  Exemptions should be very limited regarding the collection, use and disclosure without consent:  Minimize exemptions  Notice requirements  If exemptions exist for use or disclosure without consent, notice should be provided

11 Procedures for Access  Different procedures for accessing personal information vs. personal health information  Will create confusion, without adequate justification for doing so  Duplication between two access schemes completely unnecessary

12 Use of Regulations  Use of Regulations too broad:  Section 80(1)(g) enables specific organizations or classes of organizations, to be pulled outside of the scope of the legislation without any public consultation or accountability.  Section 80(1)(n) permits the government, without public consultation or accountability, to exempt organizations from acting in conformity with their information practices.

13 Commissioner’s Powers  Lack of full investigation powers  No power to compel witnesses to testify (risk of another POSO debacle)  Privacy oversight bodies in virtually every other jurisdiction with similar legislation have the power to require testimony, including: Canada (federal), Alberta, Saskatchewan, Manitoba, Quebec, Australia and New Zealand.

14 Other issues to consider  Consent  Express  Implied  Opt-in / Opt-out?  Notice  Sufficient?  Harmonization with PIPEDA

15 EU Response to PPIA?  EU Adequacy Decision  “Canada is considered as providing an adequate level of protection for personal data transferred from the Community to recipients subject to the Personal Information Protection and Electronic Documents Act.”  But…  “This Decision may be amended at any time in the light of experience with its functioning or of changes in Canadian legislation, including measures recognizing that a Canadian province has substantially similar legislation.”

16 The IPC & PPIA, 2002  Cooperation and mediation, not confrontation  IPC has a long history of working collaboratively with the public and private sectors  Learn from the experience of jurisdictions with private sector privacy laws:  “We have never seen a business plan that could not be operated within the [data privacy] legislation.” Elizabeth France, UK Commissioner  Will produce guidelines for businesses and public outlining responsibilities and expectations

17 The Value of Privacy “Complying with privacy regulations can be considered just a business cost, but many companies understand that a reputation for guarding privacy can also be a selling point. They need to be stewards, to the extent they can gain a competitive advantage from privacy.” Ken DeJarnette, Deloitte & Touche

18 How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario 80 Bloor St. W., Suite 1700, Toronto, M5S 2V1 Phone: (416) 326-3333 Web: www.ipc.on.ca E-mail: commissioner@ipc.on.ca


Download ppt "Initial reflections of the privacy commissioner on Ontario’s draft privacy bill Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Toronto."

Similar presentations


Ads by Google