Index


All entries in the index reference page numbers.

A
Access to personal information by individual, 22, 31, 151-154
• assistance by organization, 153
• exceptions, 31
• Model Code, principles, 180-191
• refusal to provide with reasons, 153
• third party personal information, 154
• time limit to respond, 153
• written request, 152
Accountability, 22, 180-181
Accuracy, 22, 30, 186-187
Anti-spam legislation, see FISA (Fighting Internet and Wireless Spam Act)
Applications service provider (ASP) arrangements, 121-122
Asset purchases, see Mergers, acquisitions and asset purchases
Audit of organizations, 37-38, 162-163

B
Biometrics, 123-125
• palm-vein scanning of test-takers, 124-125
• • privacy implications, 124-125
• • reasonable purpose, 124
• voiceprint is personal information, 123
• • Federal Court appeal held employee consent required, 124
• • reasonable purpose, 124
Business continuity, see Disaster recovery

C
CASL, see FISA
Canada Evidence Act certificate, 146-147
Canada’s Anti-Spam Law (CASL), see FISA (Fighting Internet and Wireless Spam Act)
Checklists
• health care institution privacy program implementation, 86-90
• outsourcing or transferring personal information across borders, 69
• PIPEDA compliance for educational institutions, 102-103
CIBC decision, 55-58
Collection, use, and disclosure of personal information
• consent, see Consent
• definition of personal information, 145
• disclosure by Privacy Commissioner, 164-165
• • to investigative bodies, regulation 2001-6, 205-209
• grandfathering of, 33-34
• limitation of, 22, 29
• • excessive collection, 27-28
• • Model Code, principles, 185-186
• • reasonable purpose, 24, 27-28
• • sensitive information, 28-29
• • use, disclosure and retention, 22, 29
• mergers, acquisitions and asset purchases, see Mergers, acquisitions and asset purchases
• outsourcing, see Outsourcing
• purpose of collection identified and reasonable, 21, 24, 27, 146, 181-182
• ten privacy principles under Sch. 1 of PIPEDA for, 22-23, 178-189
• third-party, 26-27, 29, 64-65
• • consents needed, 65
• • due diligence re consents and contracts, 65
• without knowledge or consent, 148-151
Commercial activities
• defined, 16-17, 144
• outsourcing and, 53-54
Complaints process, 34-43, 157-161, 187
• challenge to compliance, 23, 191
• court hearing, 161-162
• dispute resolution mechanisms, 35-36, 156, 159
• hearing in Federal Court, see Federal Court
• information to include in, 34
• investigation of complaints
• • discontinuance of, 160
• • investigator assigned, 35, 157-158
• • notification of complainant, 157
• • powers of Commissioner, 158-159
• lodge complaint with Federal Privacy Commissioner, 34-35
• • letter of findings, 35
• • no direct power of enforcement, 35
• • report with recommendations, 35, 161
• • • within one year, 37
Compliance team, 31-32
• privacy officer, 31
Consent
• collection without knowledge or consent, 148-149
• • collection reasonable to investigate breach, 148
• • disclosure of purposes required by law, 149, 181-182
• • interests of individual, 148
• • investigation of contravention of laws of Canada, 149
• • publicly available information, 149
• disclosure without knowledge or consent, 149-151
• • debt collection by organization, 149
• • emergency threatening life, health, security, 150
• • government request, 150
• • publicly available information, regulation 2001-7, 210-211
• • response to subpoena, warrant, order of court, 149
• • statistical, or scholarly study or research, 151
• exceptions to, 27, 148-149
• express, 25-27
• implied, 25-27
• methods of giving, 26-27
• opt-out consent, 25, 27
• principle, Model Code, 182-185
• third-party use, 26
• use without knowledge or consent, 148-149
• • emergency threatening life, health, security, 149
• • publicly available information, 148
• • solely for journalistic, artistic or literary purposes, 148
• • statistical, or scholarly study or research, 149
Cookies case, see under Information technology

D
Damages
• humiliation, 40-42
• indictable offences, 43, 71
Data breach, 44-45
Data mining, 116-117
• point-of-sale data includes personal information, 117
Deep packet inspection (DPI), 118
• access personal information sent over Internet, 118
• Bell advised to disclose to customers the use of DPI, 118
Disaster recovery, 122-123
Disclosure of information, see Collection, use, and disclosure of personal information

E
eBay’s detailed privacy policy, 129
Education sector, 91-103
• applicability of PIPEDA, 91-94
• • universities and private for-profit educational institutions, 94
• archives held by educational institutions, 99
• checklist, PIPEDA compliance for educational institutions, 102-103
• collection of personal information for statistical, scholarly or research purposes, 96-99
• • anonymity on collection, 98
• • implied consent, 97
• • signed consent, 98
• • without consent, 97
• commercial activities, 94-96, 144
• employee information, 100-101
• fundraising, 99-100
• • affinity marketing programs, 100
• • commercial activity or not, 99-100
• student records, 101-102
• • access to, private schools, 101-102
• • commercial activities, 101, 142
• • correction of records, private schools, 101-102
• tri-council policy statement protocols, 98-99
Electronic documents
• copies, 177
• defined, 172
• evidence or proof, as, 174
• payments, 173
• regulations
• • Canada Labour Code, 2008-115, 196-197
• • Federal Real Property and Federal Immovables Act, 2004-308, 193-195
• • Investigative Bodies, 2001-6, 205-209
• • Publicly Available Information, 2001-7, 210-211
• retention, 174-175
• seals, 175
• signatures, secure, 176, 177, 212-215
• statements under oath, 176-177
• statutory forms and filing, 173-174
E-mail addresses, personal information
E-mail monitoring by employer, 134
Employment relationship, 32-34, 131-141
• labour arbitrator’s jurisdiction, 140
• medical information collection, 138-140
• • disclosure permitted for appeal process, 139
• • privacy policy needed, 139
• • reasonable purpose required, 139
• PIPEDA application, federal works, undertakings or businesses, 131, 144
• security checks, 137-138
• • employee consent required, 138
• surveillance, 132-134, 136, see also Surveillance of employees

F
Facebook privacy investigation, 112-116
Federal Court
• hearing on complaint, 161-162
• order compliance, 40-42
• remedies, 162
• • order damages, 40-42, see also Damages
• request for hearing to, 40, 42
FISA (Fighting Internet and Wireless Spam Act), 12-13

G
Genetic testing, see Healthcare sector
Global positioning systems (GPS) installation by employer, 134-136
Google Buzz privacy violation, 116
Google’s Street View application, 118-119
Google Wi-Fi privacy concerns, 119
Grandfathering of

H
Health records, see topics under Healthcare sector
Health research, see Healthcare sector
Healthcare sector, 71-90
• checklist, privacy program implementation, 86-90
• collection, use, and disclosure of personal health information, 77-84
• • consent, 77
• • exceptions, 78
• • • emergency threatening patient’s life, safety, or security, 78
• • • patient’s interest, 78
• • • required by law, 78
• • fax machines and Internet concerns, 78-79
• commercial activities, 73-75
• • preponderant purpose test, 73
• custodians in Ontario, regulation, 2005-399, 198
• disclosure for subpoena, warrant or court order in civil litigation, 82
• fundraising activities, 75
• genetic testing, 80-81
• health research, 79-80
• • consent exception, 80
• • research ethics board
• • tri-council policy, 79-80
• personal health information
• • defined, 71-72, 145
• • employer collected, 138-140
• physicians’ prescribing patterns, sale of information, 83-84
• provincial health information privacy statutes, 75-77
• statutory reporting obligations, 83
• when does PIPEDA apply, 73-75

I
Imaging technology, 118-119
• Google’s Street View application, 118-119
Individual access, 189-190
Information technology
• biometrics, see Biometrics
• compliance tips, 127-129
• consent obtained electronically, 108-109
• • opt-out form, 109
• • privacy statement, 108-109
• cookies, information stored is personal, 111
• cookies, advertising, 107
• Cookies case, 105-107
• • Commissioner’s finding of breach, 106
• • privacy concern, 106
• data mining, see Data mining
• deep packet inspection, see Deep packet inspection (DPI)
• disclosure of on-line information to police during an investigation, 126-127
• imaging technology, see Imaging technology
• Internet-based marketing, see Internet-based marketing
• live video streaming, see Live video streaming
• need for compliance, 109-110
• • damage to reputation when information use practices disclosed, 110
• • Federal Court damage order, 109
• • Google privacy deficiencies and third-party audit, 109-110
• • PIPEDA non-compliance may affect ability to contract, 110
• outsourcing, see Outsourcing
• payload data collection, see Payload data collection
• PIPEDA compliance tips, 127-129
• • audit, designate privacy officer, privacy policy, consents, 127
• • examples of breach of PIPEDA, 128-129
• radio frequency identification device, see Radio frequency identification device (RFID)
• social networking, see Social networking sites
International transfer of personal information, see under Outsourcing
Internet-based marketing, 110-112
• cookies, information stored is personal, 111
• e-mail addresses, personal information, 110-111
• spyware, likely breach of PIPEDA, 111-112
Investigation of complaint, see Complaints process

L
Live video streaming, 125-126
• privacy policy and passwords protection, 125-126
• webcam service at daycare, 125

M
Mergers, acquisitions and asset purchases, 65-68, see also Outsourcing
• customers and patients consent, 67
• employee information to joint venture partner, 66-67
• employee information to potential purchaser, 67
• issues to explore by potential purchaser re personal information, 65-68
• privacy policy inclusion, 66-67
• sale of customer list, 68
• share purchase transaction, 68

O
Openness principle, 188-189
Outsourcing, 52-64
• checklist, 69
• CIBC decision by Privacy Commissioner, 55-58
• • affirmed in SWIFT decision, 58
• • CIBC customer concerns re U.S. service provider, 56
• • CIBC transparent about policies on outsourcing, 58
• • comparable level of protection found, 57
• • customer consent not required, 57-58
• • Office of the Superintendent of Financial Institutions (OFSI) approval, 56-57
• commercial activities, 53-54
• comparable level of protection, 52
• • no disclosure, therefore no consent needed, 52-53
• guarantees required by transferring organization from agent, 55
• information technology services, 119-123
• • applications service provider (ASP) arrangements, 121-122
• • disaster recovery, 122-123
• • • business continuity, 122
• • transfer of personal information to third party, 120-121
• • • “transfer” vs “disclosure”, 120-121
• • • transfer privacy requirements from outsourcer, 120-121
• • transmission of personal information to third party, 120
• international transfer of personal information, 59-64
• • Accusearch case, 60-61
• • • disclosure of personal information without consent, 60
• • • PIPEDA breached, 59-61
• • • Privacy Commissioner and U.S. Federal Trade Commission, 60
• • affiliated corporations, 62-64
• • • advance notice to customers, 63-64
• • • comparable level of data protection, 63
• • checklist, 69
• • comparable level of protection, 59
• • KLM case, 61-62
• • • failure to provide applicant access to information, 61
• • transparency re outsourcing, 59
• notification of outsourcing required, 62
• privacy policy transparent, 58, 59

P
Payload data collection, 119
• Google Wi-Fi privacy concerns, 119
Penalties, see Damages
Personal information
• access by individual to, 22, 31
• accuracy, 22
• collection, use, and disclosure, see Collection, use, and disclosure of personal information
• compliance team, 31-32
• data breach, see Data breach
• defined, 19-21, 145
• • exclusions, 18-19
• identifiable individual, 19, 72
• outsourcing, see Outsourcing
• publicly available, regulation, 2001-7, 210-211
• reasonable expectation of privacy, see Reasonable expectation of privacy
• safeguards (security), 23, 30-31, 187-189
Personal Information Protection and Electronic Documents Act (PIPEDA)
• activities covered by Act, 16-17, 32, 131-141
• • collected in course of commercial activities, 16-17, 146
• • digital signatures, 17
• • federal works, undertakings or businesses, 132, 146
• activities not covered by Act, 18-19, 144
• • employment related information collected by private sector employers, 16
• • personal information held by government covered by Privacy Act, 19
• application, 15-16, 129, 146
• • education sector, see Education sector
• • employment relationship, see Employment relationship
• • healthcare sector, see Healthcare sector
• • information and technology-intensive businesses, see Information technology
• definitions, 143-145
• • “alternative format”, 144
• • “commercial activity”, 144
• • “commissioner”, 144
• • “Court”, 144
• • “data”, 172
• • “electronic document”, 172
• • “electronic signature”, 172
• • “federal law”, 172
• • “federal work, undertaking or business”, 144-145
• • “filing”, 174
• • “organization”, 145
• • “personal health information”, 145
• • “personal information”, 145
• • “record”, 145
• • “responsible authority”, 172-173
• • “secure electronic signature”, 172
• • “should”, 148
• electronic documents, see Electronic documents
• grandfathering clause, none, 33-34
• Model Code for Protection of Personal Information (Schedule 1), 180-191
• origins of the Act, 9-15
• • Bill C-12 proposed changes, 11-12
• • digitization of information, 8-9
• • European Union privacy directives, 9-10
• • in force January 2001, 2
• • Internet implications, 8-9
• • OECD principles re privacy protection, 9
• • recommended changes to the Act, 11-12
• personal information, defined, 19-21, 145
• privacy
• • defined, 7
• • principles, ten, 22-23, 180-191
• provincial privacy legislation and, 75-77
• purpose of Act, 145-146
• regulations, see Electronic documents
• review of Act every five years, 10-12, 171
Privacy
• defined, 7
• policy sample, 45-50
• principles, ten, 22-23, 180-191
• • challenging compliance to, 23
Privacy Commissioner, see also Complaints process
• agreements with provinces, 166-167
• annual report, 169
• audit of organizations, 37-38
• Commissioner, defined, 144
• disclosure of information to foreign state, 167-168
• investigative powers, 35-36
• mediation, 35, 159
• no power of enforcement, 35
• protection of, 165-166
• role of, 34-43
• solicitor-client privilege, 35-37
Privacy policy, 23-24
• officer, 23, 31
• openness of, 23, 30-31, 118, 188-190
• sample of, 45-50
Provincial private sector privacy legislation, 14-15
• Alberta, 14
• British Columbia, 14
• Ontario, 14
• Privacy Commissioner’s agreement with provinces, 166-167
• Quebec, 14
• relationship to PIPEDA, 75-77
• “substantially similar” to federal, 14-15, 75-77

R
Radio frequency identification device (RFID), 117
• Ontario Privacy Commissioner’s guidelines, 117
• personal information may be associated with, 117
• Privacy Commissioner is studying use in Canada, 117
Reasonable expectation of privacy, 21, 132-134
Regulations
• Governor in Council, made by, 169-170, 176-177

S
Safeguards (security) of personal information, 23, 30-31, 187-188
Sample privacy policy, 45-50
Security checks, 137-138
Social networking sites, 112-116
• Facebook privacy investigations, 112-116
• Google Buzz privacy violation, 116
Solicitor-client privilege, 35-37
Spam, see FISA (Fighting Internet and Wireless Spam Act)
Spyware, likely breach of PIPEDA, 111-112
“Substantially similar” federal requirement, 14-15
Surveillance of employees, 132-137
• e-mail monitoring, 134
• global positioning systems (GPS) installation, 134-135
• • appropriate purpose, 135
• implied consent, 133, 135
• justification for surveillance must be reasonable, 132-133
• • Canadian Pacific Railway video camera case, 132-133
• • signs must be posted to alert employees of video cameras, 133
• surreptitious, 136
• • guidelines issued for covert and non-covert video surveillance, 137
• • for violation of employment contract, 137
• video recording of picket line crossing, 136-137

T
Third party data collection, 64-65

U
United States privacy legislation, 13
USA Patriot Act, 55, 62
Use of personal information, see Collection, use, and disclosure of personal information

V
Video surveillance, 54, 128, 132-136

W
Whistle-blowing, 170
• protection of, 170
