The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Tuesday, June 08, 2004
Years later, cell phone text messages can come back to haunt you. According to CNN.com, ancient text messages may be ordered to be produced as evidence in the Kobe Bryant trial (see below). These messages "tend to be saved on servers."
Canada's federal privacy law, PIPEDA, has applied to telecom companies since 2001. One of the principles of the law is that information can only be retained for as long as is reasonable for the purposes for which the information was collected:
4.5 Principle 5 -- Limiting Use, Disclosure, and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
4.5.2
Organizations should develop guidelines and implement procedures with respect to the retention of personal information. These guidelines should include minimum and maximum retention periods. Personal information that has been used to make a decision about an individual shall be retained long enough to allow the individual access to the information after the decision has been made. An organization may be subject to legislative requirements with respect to retention periods.
4.5.3
Personal information that is no longer required to fulfil the identified purposes should be destroyed, erased, or made anonymous. Organizations shall develop guidelines and implement procedures to govern the destruction of personal information.
It would seem that Canadian telcos should not be retaining these messages indefinitely. Of course, "should" and "do" are two entirely different matters... Beware what you text, it may come back in civil or criminal proceedings.
The CNN story on the Bryan trial is here:
CNN.com - Think before you text - Jun 7, 2004:
"DENVER, Colorado (AP) -- A few hours after NBA star Kobe Bryant had sex with a Vail-area hotel worker last summer, the woman exchanged cell phone text messages with a former boyfriend and someone else.
What's in those messages could help determine whether the sex was consensual or whether Bryant is guilty of rape as charged. The judge himself said the content may be 'highly relevant' to the case.
That the judge could order the woman's cell phone company to produce the messages so long after they were sent shouldn't surprise anyone, analysts say.
Texters beware. Like e-mail and Internet instant messages, text messages tend to be saved on servers.
'One of the false assumptions that people make is that when they hit the delete button, messages are gone forever, but nothing can be further from the truth,' said Jeff Kagan, an independent telecommunications analyst in Atlanta."
See also Slashdot discussion of the issue ...
Labels: information breaches, retention
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.