Presentation to: Privacy Regulation - PowerPoint PPT Presentation

1 / 10
About This Presentation
Title:

Presentation to: Privacy Regulation

Description:

Fines and other remedies under PIPA. Why Should You Really Care About the ... of the Commissioner will constitute an offence under PIPA punishable by a fine ... – PowerPoint PPT presentation

Number of Views:41
Avg rating:3.0/5.0
Slides: 11
Provided by: stephani194
Category:

less

Transcript and Presenter's Notes

Title: Presentation to: Privacy Regulation


1
Presentation toPrivacy Regulation
  • Cappone DAngelo
  • November 26, 2003

2
Overview
  • Why Should You Care About the Privacy Principles?
  • Regulatory landscape (B.C., Canada, and beyond)
  • Application of PIPA
  • Fines and other remedies under PIPA
  • Why Should You Really Care About the Privacy
    Principles?
  • Not just a compliance issue

3
Regulatory Landscape - Canada
  • Federal law Personal Information Protection and
    Electronic Documents Act (PIPEDA)
  • based on the 10 Privacy Principles
  • currently applies to the federally regulated
    private sector and to certain interprovincial and
    international transfers of personal information
  • after Jan. 1, PIPEDA will continue to apply to
    non-federally regulated private sector in some
    circumstances
  • Provincial laws
  • Quebec - private sector privacy legislation for
    10 years
  • Alberta - draft legislation (very similar to B.C.
    legislation)
  • Ontario - may introduce legislation (but PIPEDA
    will likely apply as of Jan. 1, 2004 to
    commercial activities in Ontario)

4
Regulatory Landscape - International
  • E.U., Hong Kong, Australia, Argentina
  • Trans-Border Data Flows (TBDFs) out of E.U.
  • U.S. sectoral approach
  • Children's Online Privacy Protection Act (COPPA)
    very prescriptive
  • Health Insurance Portability And Accountability
    Act (HIPAA)
  • Gramm-Leach-Bliley (G-L-B)
  • Anti-SPAM laws, SPAM blacklisting
  • do-not-email/call/fax lists
  • Federal Trade Commission (FTC) enforcement of
    privacy policies (unfair trade practices)

5
Application of PIPA
  • On April 30, 2003, the British Columbia
    introduced Bill 38, the Personal Information
    Protection Act (PIPA), which has now been
    passed into law
  • PIPA will apply as of January 1, 2004 to the
    collection, use, and disclosure of personal
    information (including employee personal
    information) by businesses,non-profits, and
    other private sector organizations in British
    Columbia (except where PIPEDA applies)
  • Grandfathering issues - PIPA does not apply to
    the collection of information collected before
    Jan. 1, 2004, but does apply to the use and
    disclosure of such information

6
What is Personal Information?
  • Personal information is any information about an
    identifiable individual (not a corporation)
  • Examples
  • age, sex, marital status, race, nationality,
    ethnic origin, religious or political beliefs
  • financial information (such as household income),
    health information
  • information regarding behaviour of an individual
    (such as product purchasing history)

7
Examples of Limitations
  • Organizations may use personal information only
    for purposes that a reasonable person would
    consider appropriate in the circumstances
  • An organization must not, as a condition of
    supplying a product or service, require an
    individual to consent to the collection, use, or
    disclosure of personal information beyond what is
    necessary to provide the product or service (e.g.
    contests, giveaways)

8
Fines and Other Remedies
  • The failure of an organization to comply with an
    order of the Commissioner will constitute an
    offence under PIPA punishable by a fine of up to
    100,000
  • Where the Commissioner makes an order under PIPA
    against an organization in respect of the breach
    by the organization of obligations under PIPA, an
    individual affected by the order is entitled to
    bring a claim against the organization for
    damages for harm that the individual suffered as
    a result of the breach

9
Why Should You Really Care?
  • ability to leverage data
  • public relations/customer relations
  • compliance costs (responding to access requests,
    complaints)
  • costs of cleaning dirty data
  • mergers and acquisitions, other commercial
    transactions

10
Final Thoughts
  • The Bad News
  • numerous laws regulate the collection, use, and
    disclosure of personal information within and
    outside Canada, and its getting worse
  • culture shift for businesses, especially for
    marketing professionals
  • not just a technical compliance issue
  • The Good News
  • many of the laws are very similar, and general
    implementation of the 10 Privacy Principles will
    get you most the way to compliance
  • privacy compliance will add value to business
  • knowledge about privacy laws/compliance will add
    value to marketing professionals skill set
Write a Comment
User Comments (0)
About PowerShow.com