The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Wednesday, February 09, 2005
Up to now, one of the loudest advocates of having the Privacy Commissioner "name names" has been Michael Geist (see Geist: Revise privacy law to expose offenders, block snoops, Article: Weak enforcement undermines privacy laws). Two additional voices have been added to the chorus, according to this article in the The Toronto Star:
TheStar.com - Pressure builds to name privacy-law offenders:"Canadians had high expectations of a new privacy act that came into force on Jan. 1, 2004, designed to safeguard personal information in the private sector.
But the high hopes have not been fulfilled, according to two recent critical reports.
The Personal Information Protection and Electronic Documents Act (PIPEDA) "has not been kind to consumers," says the Public Interest Advocacy Centre.
...
People who bring a complaint to the privacy commissioner are free to make the full findings public.
But few do.
...
Similar arguments are made by Chris Berzins, a lawyer with the Ontario labour ministry, in an article published in the Canadian Journal of Law and Technology.
"The all but categorical refusal to reveal the names of complaint respondents," he says, "has a number of unfortunate results."
- It greatly undercuts the instructive value that complaint investigations might have.
- It deprives companies of the recognition they deserve when they comply with the law.
- It unjustly rewards companies that flout the law.
- It penalizes consumers who are unable to make informed privacy decisions.
- It prevents the market from rewarding or penalizing companies based on the public's awareness of privacy practices.
- It makes it difficult to assess the effectiveness of the commissioner's office in promoting compliance.
..."
I am of two minds on this issue. I have acted for a number of companies that have been complained about. In most cases, the matters complained about are relatively minor and the situation that gave rise to the complaints were inadvertent mistakes. In at least one case, they resolved the matter long before complaint ever went to the Commissioner, leaving us scratching our heads as to why they decided to proceed in that manner. It would be unfair to penalize companies acting in good faith that make an honest mistake, fix it and move on. But in cases where the consequences of the violation is significant or was a result of not being concerned about customer privacy, naming names may provide a wake-up call.
Labels: information breaches, privacy
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.