1 / 18

Initial reflections of the privacy commissioner on Ontario’s draft privacy bill

Initial reflections of the privacy commissioner on Ontario’s draft privacy bill. Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Toronto Board of Trade February 19, 2002. Background to the Bill. European Union Directive on Data Protection Canadian Standards Association:

Download Presentation

Initial reflections of the privacy commissioner on Ontario’s draft privacy bill

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Initial reflections of the privacy commissioner on Ontario’s draft privacy bill Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Toronto Board of Trade February 19, 2002

  2. Background to the Bill European Union • Directive on Data Protection Canadian Standards Association: • Model Code for the Protection of Personal Information Government of Canada • Personal Information Protection and Electronic Documents Act Government of Ontario • Privacy of Personal Information Act, 2002

  3. Privacy of Personal Information Act, 2002 • Integrated health & private sector privacy protection • Guide to Ontario’s Consultation on Privacy Protection • www.cbs.gov.on.ca/mcbs/english/56Y2QL.htm • Privacy of Personal Information Act, 2002 • www.cbs.gov.on.ca/mcbs/english/56Y2UJ.htm • Consultation period • Ends March 8, 2002

  4. Scope of the Draft Bill • Bill applies to: • Ontario businesses • Ontario universities • Ontario hospitals, doctors, pharmacies, clinics… • Ontario associations (incorporated or not) • Ontario partnerships • Ontario unions • Does not apply to: • Individuals acting in a personal and non-commercial capacity • Artistic, journalistic or literary exemption

  5. Ontario Draft Bill • Things we like: • Made in Ontario response to PIPEDA • Scope of Bill extends beyond business sector • Based on CSA Fair Information Practices • Single oversight body for both public and private sector privacy • Dramatic improvements to health component from earlier Bill 159

  6. Striking the Right Balance? • The government is working to find the appropriate privacy balance, But… • Concerns about the Bill:  • Permitted uses without consent • Extensive use of Regulations • Lack of full investigation powers

  7. Simplify the Draft Bill • Complex drafting • Inconsistencies • Redundancies • Duplication

  8. Complex and Confusing Personal Information Personal Health Information Organizations (non-health) Health Information Custodians

  9. Definition of Personal Information • Personal Information – covered • Personal Health Information – covered • Business Information – not covered • Professional Information – not covered

  10. Exemptions to Consent • Exemptions should be very limited regarding the collection, use and disclosure without consent: • Minimize exemptions • Notice requirements • If exemptions exist for use or disclosure without consent, notice should be provided

  11. Procedures for Access • Different procedures for accessing personal information vs. personal health information • Will create confusion, without adequate justification for doing so • Duplication between two access schemes completely unnecessary

  12. Use of Regulations • Use of Regulations too broad: • Section 80(1)(g) enables specific organizations or classes of organizations, to be pulled outside of the scope of the legislation without any public consultation or accountability. • Section 80(1)(n) permits the government, without public consultation or accountability, to exempt organizations from acting in conformity with their information practices.

  13. Commissioner’s Powers • Lack of full investigation powers • No power to compel witnesses to testify (risk of another POSO debacle) • Privacy oversight bodies in virtually every other jurisdiction with similar legislation have the power to require testimony, including: Canada (federal), Alberta, Saskatchewan, Manitoba, Quebec, Australia and New Zealand.

  14. Other issues to consider • Consent • Express • Implied • Opt-in / Opt-out? • Notice • Sufficient? • Harmonization with PIPEDA

  15. EU Response to PPIA? • EU Adequacy Decision • “Canada is considered as providing an adequate level of protection for personal data transferred from the Community to recipients subject to the Personal Information Protection and Electronic Documents Act.” • But… • “This Decision may be amended at any time in the light of experience with its functioning or of changes in Canadian legislation, including measures recognizing that a Canadian province has substantially similar legislation.”

  16. The IPC & PPIA, 2002 • Cooperation and mediation, not confrontation • IPC has a long history of working collaboratively with the public and private sectors • Learn from the experience of jurisdictions with private sector privacy laws: • “We have never seen a business plan that could not be operated within the [data privacy] legislation.” Elizabeth France, UK Commissioner • Will produce guidelines for businesses and public outlining responsibilities and expectations

  17. The Value of Privacy “Complying with privacy regulations can be considered just a business cost, but many companies understand that a reputation for guarding privacy can also be a selling point. They need to be stewards, to the extent they can gain a competitive advantage from privacy.” Ken DeJarnette, Deloitte & Touche

  18. How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario 80 Bloor St. W., Suite 1700, Toronto, M5S 2V1 Phone: (416) 326-3333 Web:www.ipc.on.ca E-mail:commissioner@ipc.on.ca

More Related