The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Sunday, January 02, 2005
One year ago today -- after a long time of only reading others' blogs -- I launched "PIPEDA and Canadian Privacy Law", the blog you are presently reading. My first hope was that it would be a useful resource for lawyers and others who have an interest in privacy law, both in Canada and abroad. My second hope was that I would have the time and inclination to keep it going. According to Blogger, this will be posting number 431, which means I've managed to post, on average, more than once each of the 366 days it's been up and running. It has managed to keep my interest, and I hope it has done the same for its readers.
The last year has been a very busy one on the privacy front in Canada. On January 1, 2004, the federal privacy law came into full effect after being phased in over the period of 2001 - 2004. That has led to a huge change in how consumer privacy is dealt with in Canada. Also on January 1, 2004, British Columbia and Alberta privacy laws came into effect, though there was a significant overlap in jurisdiction before those laws were declared to be "substantially similar" to PIPEDA by the federal cabinet. More recently, Ontario has passed the Personal Health Information Protection Act, which began to regulate health information custodians in that province on November 1, 2004.
We've also seen consumer privacy hit the media in an unprecedented way, thanks to high-profile incidents involving the personal information of Canadians. Perhaps the highest profile was the CIBC faxing fiasco (PIPEDA and Canadian Privacy Law: Incident: Candian bank's internal faxes went to West Virginia for three years), followed by the discovery of reams of pesonal information of Alberta civil servants during a drug raid (PIPEDA and Canadian Privacy Law: Incident: Massive leak of personal information in Edmonton, Alberta).
The year 2004 was also notable for the new attention being paid to cross-border transfers of personal information, thanks to the investigation by the British Columbia Information and Privacy Commissioner into the effect of the USA PATRIOT Act on the privacy of British Columbians (PIPEDA and Canadian Privacy Law: Article: U.S. Patriot Act worries Privacy Commissioner), which begat a similar study by the Alberta Commissioner (PIPEDA and Canadian Privacy Law: Alberta Commissioner to conduct his own "PATRIOT ACT" outsourcing inquiry).
The courts have also had to deal with PIPEDA in various ways.
We also saw the Privacy Commissioner decline to investigate an alleged breach of PIPEDA because the company in question did not have a presence in Canada (see PIPEDA and Canadian Privacy Law: Jurisdictional limitations on Canadian privacy law). I hope this one is taken to the Federal Court, because so much is at stake in the closely integrated economies of North America.
This would have been an even bigger year on the privacy front if it weren't for the backlog at the Office of the Privacy Commissioner of Canada. Hundreds of complaints brought by consumers this year are still in the investigation process, most of which take many months to work their way through the office. In my own experience, most complaints are dealt with via written correspondence along with a huge lag in response times. (Even those that are urgent languish in someone's inbox for months.)
So that was the year 2004. I expect this new year will be even more fruitful as the law is applied in new settings and complaints wind their way through the system. And I plan to keep on blogging about it. Please feel free to comment on this post if you think I've missed something...
Labels: alberta, bc, health information, information breaches, patriot act, phipa, privacy
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.