Privacy, personal information, law enforcement and lawful access

Privacy, personal information, law enforcement and lawful access
David T.S. Fraser
david.fraser@mcinnescooper.com
Canadian Bar Association New Brunswick

What is Privacy?
- Has been characterised as the right to be left alone, to be secure in one's home and free from unwanted interference
- In the context of more modern privacy laws, privacy means having control over one's personal information
  - Choice of whether to disclose information at all
  - Control over with whom it is shared
  - Control over how it is used
- Don't lose control once you've released your information into the wild

Personal Information Protection and Electronic Documents Act
Purpose
3. The purpose of this Part is to establish, in an era in which technology increasingly facilitates the circulation and exchange of information, rules to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances.

PIPEDA Personal Information
Addresses personal information: information about an identifiable individual
- NOT name, title, business address or telephone number of an employee of an organization
- Would include name, address, income, health information, demographics, preferences, birth date, SIN, customer numbers, unique identifiers
Also includes information that may be traced back to an individual

Privacy Principles
Based on the principles of the Canadian Standards Association Model Code for the Protection of Personal Information:
1. Accountability
2. Identifying purposes
3. Consent
4. Limiting collection
5. Limiting use, disclosure and retention
6. Accuracy
7. Safeguards
8. Openness
9. Individual access
10. Challenging compliance

The General Rule is Consent
4.3 Principle 3 -- Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.

Consent Exceptions
Section 7 of PIPEDA sets out the only allowed exceptions to the general consent rule
- S. 7(1) Allows some collection
- S. 7(2) Allows some use
- S. 7(3) Allows some disclosure
Warning: Not very easy to follow. At all.

Consent Exceptions
Consent exceptions are very dangerous
Virtually all circumstances are fraught with risk:
Permissive exceptions, not mandatory
- S. 7 allows you to do things that would otherwise be unlawful under PIPEDA; it does not force you to do so.

Investigations by the organization
S. 7(1)(b) it is reasonable to expect that the collection with the knowledge or consent of the individual would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province.
- Can be collected and used
- Has been used and upheld, for example by bank in the course of fraud investigation

Compelled production
S. 7(3)(c) may disclose information if required to comply with a subpoena or warrant issued or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with rules of court relating to the production of records
- Allows disclosure to a body that can compel the documents.

Disclosure to law enforcement
S. 7(3)(d) made on the initiative of the organization to an investigative body, a government institution or a part of a government institution and the organization
(i) has reasonable grounds to believe that the information relates to a breach of an agreement or a contravention of the laws of Canada, a province or a foreign jurisdiction that has been, is being or is about to be committed, or
(ii) suspects that the information relates to national security, the defence of Canada or the conduct of international affairs;
- Allows disclosure to police, investigative bodies
- Made on the initiative of the organization
- Investigative body is defined in the regulations.

Disclosure to law enforcement
(c.1) made to a government institution or part of a government institution that has made a request for the information, identified its lawful authority to obtain the information and indicated that
(i) it suspects that the information relates to national security, the defence of Canada or the conduct of international affairs,
(ii) the disclosure is requested for the purpose of enforcing any law of Canada, a province or a foreign jurisdiction, carrying out an investigation relating to the enforcement of any such law or gathering intelligence for the purpose of enforcing any such law, or
(iii) the disclosure is requested for the purpose of administering any law of Canada or a province;
Permits disclosure to law enforcement, at their request, if these requirements are satisfied.

What is lawful authority?
- Recently considered in Re S.C., 2006 ONCJ 343 (CanLII) by an Ontario JP.
- Police suspected criminal activity by Bell internet user.
- Police sent a notice pursuant to PIPEDA ("Letter of Request for Account Information Pursuant to a Child Sexual Exploitation Investigation") asking for the person's identifying information.
- Bell complied and handed over information about the customer.
- Police sought to use the information to obtain a warrant.
- JP found that there was no lawful authority for the disclosure under PIPEDA and the information was therefore illegally obtained.

Re S.C.
[9] However, s. 7(3) stipulates that the information can be provided without consent only if the body seeking the information has "identified its lawful authority to obtain the information" and has indicated that the disclosure is requested (in this case) for law enforcement purposes. The Act does not set out that the existence of a criminal investigation is, in and of itself, lawful authority within the meaning of the Act nor, therefore, does a Letter of Request for Account Information Pursuant to a Child Sexual Exploitation Investigation establish such authority. Accordingly, there must still be some legal authority to obtain the information; in the view of this Court s. 7(3)(c.1)(ii) by itself does not establish what that lawful authority is. The section provides authority for disclosing information. It does not establish the authority for obtaining and possessing the information.
[11] In the absence of express authority within the legislation, the Charter right not to have one's reasonable expectation of privacy interfered with, except through prior judicial authorization with all the protections that affords, must govern. Accordingly, it is the view of this Court that the Informant is not lawfully in possession of the information that was provided by Bell Canada.

What should businesses do?
- Any disclosure of personal information without consent is risky.
- The consent exceptions are difficult to interpret.
- PIPEDA doesn't create any requirement to disclose information without consent.
- The most risk-averse approach would be to only disclose information where you are lawfully required to do so.

What should businesses do?
Don't collect personal information that you don't need just because it could be useful, particularly if it could be useful to law enforcement or to private litigants. Even if you think you may be required to collect it later, that's no justification to collect it now.
- See principle 4 of PIPEDA.

What should businesses do?
Don't keep personal information around any longer than you actually need it. If you are asked for personal information by law enforcement or private litigants, it is much easier to say you don't have it than to go to court to resist providing it.
- See principle 5 of PIPEDA.

What should businesses do?
It is not your job to police your customers. Mere suspicion on the organization's part is not enough of a basis to voluntarily hand over customer information without consent. Need to have reasonable grounds to believe.
- See principle 3 and s. 7(3)(d) of PIPEDA.

What should businesses do?
Do not provide customer information unless compelled to do so. PIPEDA does not create any compulsion.
- See principle 3 of PIPEDA and s. 7(3)(c.1)

Lawful access
Modernization of Investigative Techniques Act, Bill C-74. Introduced by the Liberal Government
- To require TSPs to build in wiretapping capability
- To require TSPs to provide subscriber information without a warrant
Fell off the order paper with election

Lawful access
Apparently not a high priority for the Harper gov't.
Secret consultation launched this fall
"Lawful access lite"
- Only relates to Customer Information on request:
  - name;
  - address(es);
  - ten-digit telephone numbers (wireline and wireless);
  - cell phone identifiers, e.g., one or more of several unique identifiers associated with a subscriber to a particular telecommunications service (mobile identification number or MIN; electronic serial number or ESN; international mobile equipment or IMEI number; international mobile subscriber identity or IMSI number; subscriber identity module card number or SIM Card Number);
  - e-mail address(es);
  - IP address; and/or,
  - Local Service Provider Identifier, i.e., identification of the TSP that owns the telephone number or IP address used by a specific customer.

Lawful access flip flop

Lawful access Consultation ongoing