Privacy Issues - Watch Out!

John D.R. CraigORIMS Professional Development Day

March 19, 2013

2

The Issue

• Privacy is one of the most important developing legal issues

• Do we still have any Privacy? Are we entitled to expect any Privacy?

The Issue

• Regulation of Privacy is a mixed bag

– Information privacy legislation (PIPEDA)– Statutory privacy tort legislation (not in

Ontario)– Emerging common law privacy tort– Human Rights Code (anti-discrimination)

3

The Issue

• What is Privacy?– “Right to be left alone”– Private interests: informational, corporeal,

territorial, temporal– Reasonableness – Consent

4

The Issue

• Leading Privacy Issues– Surveillance– Background checks (criminal, credit, etc.)– Drug and alcohol testing– Medical information– Searches– Misuse of email/internet/social media– Cross-border transfer of information

5

The Issue

• Sources of Liability

– Direct liability for policies or actions taken

– Vicarious liability for the actions of employees

6

7

PIPEDA

• Information Privacy legislation exists federally and in BC, AB and QB

• PIPEDA is the federal law applicable to Ontario’s private sector:– “Commercial activities” are regulated:

purpose of making a profit– No application to provincially regulated

employment per se

8

PIPEDA

• Key Privacy principles:

– Consent– Limiting Collection– Limiting Use, Disclosure, and Retention– Safeguards– Accuracy

9

Enforcing PIPEDA

• Privacy Commissioner of Canada– Complaint– Investigation– Directives

• Federal Court– PCC can apply to the Court to convert directive

into an order– Trial de novo

PIPEDA Cases in the Federal Court

• The Federal Court has often been the voice of reason:

– Eastmond v. Canadian Pacific Railway (2004)

– Turner v. TELUS (2005)

– State Farm (2010)

Tort of Invasion of Privacy

• The Privacy tort has now arrived in Ontario:

– Somwar v. McDonald’s Restaurants (2006)

– Jones v. Tsige (2012)

11

12

Tort of Invasion of Privacy

• Implications

– A new and additional source of Privacy liability

– Applies to provincially regulated employment– High test should provide some comfort

Social Media – The New Frontier

• Privacy in Social Media – Is there any?

• A new source of risk that is difficult to regulate and control – examples:– Mocking customers– Criticizing managers– Posting private or confidential information

13

Social Media – The New Frontier

• Use of Social Media in hiring – beware

– Personal information may be irrelevant to hiring decisions

– Exposure to potential discrimination claims

15

Best Practices – Managing Risks

• Implement and enforce policies and practices on:

–Respect for Privacy principles in PIPEDA (e.g. Consent, Non-Disclosure, Access) –Personal use of electronic systems–Social media posting–Ethics in dealing with colleagues and customers

16

Best Practices – Managing Risks

• Be transparent about policies and practices with respect to collection, storage and use of personal information

• Conduct periodic training on personal information policies and practices

Best Practices – Managing Risks

• Catalogue the personal information collected and stored on systems (i.e. know what you have)

• Conduct periodic audits of compliance with Privacy principles

17

18

Best Practices – Managing Risk

• Keep up to date on developments in Privacy law, emerging Privacy issues, and best practices

– Heenan Blaikie sources include:• AccessPrivacy.ca• HeenanBlaikie.com/en/Expertise/Privacy-and-

Information-Management

Conclusion

THANK YOU!

19