The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar

Archives

Links

Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by groups.yahoo.com

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Tuesday, June 08, 2004

Criminal Code Amended to allow for e-mail interception by sysadmin 

By amendments to the Criminal Code of Canada, the authority of a sysadmin to review employee e-mail in the course of system management has been clarified. From the London Free Press:

London Free Press: Business Section - Law amended for e-mail:

"The Criminal Code of Canada makes it an indictable offence to "willfully" intercept a private communication. On April 22, Bill C-14 came into effect, which among other things amends the Criminal Code to protect computer system managers from the threat of criminal conviction. The bill amends the Criminal Code to add a section that allows computer system managers to intercept a private communication. Interception under this new provision is lawful only if it is "reasonably necessary" for managing the "quality of service" of the computer system.

Preventing and dealing with intrusion detection and malicious attempts to compromise systems is a crucial issue for any business.

The concern was that without such a change, the viewing or scanning of e-mails by a computer systems employee for such things as virus detection or spam-blocking might be considered an illegal interception of a private communication. Other legitimate purposes include the prevention of data theft or the use of systems by unauthorized individuals. One could argue that, depending to some extent on employer policies, e-mails to and from the workplace are not private communications. But this amendment clarifies the issue.

...

Under the changes, intrusion-detection activities must be limited to authorized individuals who perform duties relating to the security management and protection of computer systems.

Intrusion-detection activities must be limited to what is reasonably necessary for legitimate management purposes to ensure service quality and protect systems against computer-related offences.

The then-Privacy Commissioner took issue with one aspect of the bill.

The commissioner opposed permitting a private communication that had been intercepted lawfully to be disclosed in the course of a civil or criminal proceeding, or for the purposes of any criminal investigation.

That would have meant that a manager operating a computer intrusion-detection system who discovered an e-mail attachment containing child pornography, or evidence of a murder plot, could not notify the police or use the material to discipline the employee.

The commissioner's proposal was defeated. ..."

Labels:

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs