Our provincial Privacy Commissioner has just issued a report in response to concerns over how personal information collected from a skills survey conducted by the Saskatchewan Government would be stored and could be used in the United States. I am so very thankful that I was advised, this morning, that CBC’s Stefani Langenegger, via twitter, under the title Latest from SK privacy commissioner on outsourcing personal info of govt workers, provides access to that report.
When dealing with a public sector case concerning privacy which, nevertheless, will inform and advise all working in the private sector who choose to study it, R. Gary Dickson, Q.C., Saskatchewan Information and Privacy Commissioner, made the following reference to private sector cases and the application of PIPEDA. He said:
“[18] The following is an excerpt from the Personal Information Protection Electronic Documents Act (PIPEDA)17 Case Summary #2005-313 from the Office of the Privacy Commissioner of Canada (OPC). I should note that PIPEDA (referred to as the “Act” in the excerpt below) describes the privacy legislation that applies to private-sector organizations, not public bodies. However, the concern underlying personal information flowing across borders remains the same. Organizations, whether public or private, have obligations under applicable access and privacy legislation in regards to managing personal information.
The possibility of U.S. authorities accessing Canadians' personal information has been raised frequently since the passage of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, 2001 (USA PATRIOT Act). Prior to the passage of this Act, U.S. authorities were able to access records held by U.S.-based firms relating to foreign intelligence gathering in a number of ways.
What has changed with the passage of USA PATRIOT Act is that certain U.S. intelligence and police surveillance and information collection tools have been expanded, and procedural hurdles for U.S. law enforcement agencies have been minimized. Under section 215 of the USA PATRIOT Act, the Federal Bureau of Investigation (FBI) can access records held in the United States by applying for an order of the Foreign Intelligence Surveillance Act Court. A company subject to a section 215 order cannot reveal that the FBI has sought or obtained information from it.
The risk of personal information being disclosed to government authorities is not a risk unique to U.S. organizations. In the national security and anti-terrorism context, Canadian organizations are subject to similar types of orders to disclose personal information held in Canada to Canadian authorities. Despite the objections of the Office of the Privacy Commissioner, the Personal Information Protection and Electronic Documents Act has been amended since the events of September 11th, 2001, so as to permit organizations to collect and use personal information without consent for the purpose of disclosing this information to government institutions, if the information relates to national security, the defence of Canada or the conduct of international affairs.
In addition to these measures, there are longstanding formal bilateral agreements between the U.S. and Canadian government agencies that provide for mutual cooperation and for the exchange of relevant information. These mechanisms are still available.
...
● In the Assistant Commissioner's view, the real concern underlying these complaints is the prospect of a foreign government accessing Canadians' personal information.
● She concluded, however, that the Act cannot prevent U.S. authorities from lawfully accessing the personal information of Canadians held by organizations in Canada or in the United States, nor can it force Canadian companies to stop outsourcing to foreign-based service providers. What the Act does demand is that organizations be transparent about their personal information handling practices and protect customer personal information in the hands of foreign-based third-party service providers to the extent possible by contractual means. This Office's role is to ensure that organizations meet these requirements. In the case of these complaints, these requirements have been met.18 [emphasis added]
Footnotes
17 Personal Information Protection and Electronic Documents Act (hereinafter PIPEDA) S.C. 2000, c. 5.
18 Office of the Privacy Commissioner of Canada (hereinafter OPC), PIPEDA Case Summary #2005-313, available at www.priv.gc.ca/cf-dc/2005/313_20051019_e.asp.
“The intent and principles of PIPEDA line up almost perfectly with genealogical emphasis about privacy protection and the ethics surrounding that, but the genealogical societies do not seem to be aware that it could be a fantastic tool in ensuring those ethics are followed and are caught up instead in determining whether or not they are bound by the legislation. In my opinion PIPEDA needs to be embraced and it's principles entrenched into genealogical societies' policies and practices.”
September 7, 2013
G. Alvin Murray, Certified Saskatchewan Instructor, CCSG
*************
The following was taken from R. v. Dyment, [1988] 2 SCR 417, as reproduced at http://canlii.ca/t/1ftc6:
“22. Finally, there is privacy in relation to information. This too is based on the notion of the dignity and integrity of the individual. As the Task Force put it (p. 13): "This notion of privacy derives from the assumption that all information about a person is in a fundamental way his own, for him to communicate or retain for himself as he sees fit." In modern society, especially, retention of information about oneself is extremely important. We may, for one reason or another, wish or be compelled to reveal such information, but situations abound where the reasonable expectations of the individual that the information shall remain confidential to the persons to whom, and restricted to the purposes for which it is divulged, must be protected. Governments at all levels have in recent years recognized this and have devised rules and regulations to restrict the uses of information collected by them to those for which it was obtained; see, for example, the Privacy Act, S.C. 1980-81-82-83, c. 111.
23. One further general point must be made, and that is that if the privacy of the individual is to be protected, we cannot afford to wait to vindicate it only after it has been violated. . . . Invasions of privacy must be prevented, and where privacy is outweighed by other societal claims, there must be clear rules setting forth the conditions in which it can be violated.” (Emphasis added)
From http://www.canlii.org/en/ca/scc/doc/1997/1997canlii358/1997canlii358.html, at paragraph 67, in the case of Dagg v. Canada (Minister of Finance), [1997] 2 SCR 403, we learn that the Supreme Court of Canada also invites us to consider R. v. Duarte, 1990 CanLII 150 (SCC), [1990] 1 S.C.R. 30, at p. 46 (“privacy may be defined as the right of the individual to determine for himself when, how, and to what extent he will release personal information about himself”); (and) R. v. Osolin, 1993 CanLII 54 (SCC), [1993] 4 S.C.R. 595, at pp. 613-15 (per L’Heureux-DubĂ© J., dissenting); Westin, supra, at p. 7 (“[p]rivacy is the claim of individuals . . . to determine for themselves when, how, and to what extent information about them is communicated to others”); (and) Charles Fried, “Privacy” (1968), 77 Yale L.J. 475, at p. 483 (“[p]rivacy . . . is control over knowledge about oneself”).
***********
The design of this site is to readily afford access to ‘research tools’ that may be used to answer the question which asks if the Saskatchewan Genealogical Society (SGS), and certain other genealogical societies, are or are not limited by the terms and provisions of The Personal Information Protection and Electronic Documents Act (PIPEDA) when indiscriminately collecting and selling personal information about those “in the land of the living.”
September 7, 2013
G. Alvin Murray, Certified Saskatchewan Instructor, CCSG
*************
The following was taken from R. v. Dyment, [1988] 2 SCR 417, as reproduced at http://canlii.ca/t/1ftc6:
“22. Finally, there is privacy in relation to information. This too is based on the notion of the dignity and integrity of the individual. As the Task Force put it (p. 13): "This notion of privacy derives from the assumption that all information about a person is in a fundamental way his own, for him to communicate or retain for himself as he sees fit." In modern society, especially, retention of information about oneself is extremely important. We may, for one reason or another, wish or be compelled to reveal such information, but situations abound where the reasonable expectations of the individual that the information shall remain confidential to the persons to whom, and restricted to the purposes for which it is divulged, must be protected. Governments at all levels have in recent years recognized this and have devised rules and regulations to restrict the uses of information collected by them to those for which it was obtained; see, for example, the Privacy Act, S.C. 1980-81-82-83, c. 111.
23. One further general point must be made, and that is that if the privacy of the individual is to be protected, we cannot afford to wait to vindicate it only after it has been violated. . . . Invasions of privacy must be prevented, and where privacy is outweighed by other societal claims, there must be clear rules setting forth the conditions in which it can be violated.” (Emphasis added)
From http://www.canlii.org/en/ca/scc/doc/1997/1997canlii358/1997canlii358.html, at paragraph 67, in the case of Dagg v. Canada (Minister of Finance), [1997] 2 SCR 403, we learn that the Supreme Court of Canada also invites us to consider R. v. Duarte, 1990 CanLII 150 (SCC), [1990] 1 S.C.R. 30, at p. 46 (“privacy may be defined as the right of the individual to determine for himself when, how, and to what extent he will release personal information about himself”); (and) R. v. Osolin, 1993 CanLII 54 (SCC), [1993] 4 S.C.R. 595, at pp. 613-15 (per L’Heureux-DubĂ© J., dissenting); Westin, supra, at p. 7 (“[p]rivacy is the claim of individuals . . . to determine for themselves when, how, and to what extent information about them is communicated to others”); (and) Charles Fried, “Privacy” (1968), 77 Yale L.J. 475, at p. 483 (“[p]rivacy . . . is control over knowledge about oneself”).
***********
The design of this site is to readily afford access to ‘research tools’ that may be used to answer the question which asks if the Saskatchewan Genealogical Society (SGS), and certain other genealogical societies, are or are not limited by the terms and provisions of The Personal Information Protection and Electronic Documents Act (PIPEDA) when indiscriminately collecting and selling personal information about those “in the land of the living.”
Wednesday, September 4, 2013
Are genealogical societies required to protect personal information in their possession or control in a way that is compliant with PIPEDA?
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment