Profile

Cover photo
Canadian Privacy Law Blog
408 followers|44,475 views
AboutPostsPhotosVideos

Stream

 
My discussion yesterday about the CRA heartbleed data breach with CTV Atlantic's Kayla Hounsell  http://bit.ly/1iSLNMU 
2
1
anastasia kiva's profile photo
Add a comment...
 
Updates to Canadian federal privacy law tabled in the Senate

As expected, the government has tabled amendments to the Personal Information Protection and Electronic Documents Act, but this time in the Senate as Senate Government Bill - S-4.

The highlights are breach notification and an exception to the consent rule for business transactions. I'll have more to say once I've given it a thorough going-over. Watch this space.
1
1
David Fraser's profile photo
Add a comment...
 
Cloud Computing FAQ for Corporate Counsel 

The Canadian Corporate Counsel Association Magazine (CCCA Magazine) Spring 2014 edition had a strong focus on privacy, "Managing your Privacy Risk: An In-house Guide."

The edition included a version of my Cloud Computing and Privacy FAQ, focused at in-house counsel. For the full article: https://drive.google.com/file/d/0B_bUaJvZ9k_BRFYtSThWYy15UUU/edit?usp=sharing.
1
1
Bruce Dust's profile photoDavid Fraser's profile photo
 
Great article for Canadian companies on what to consider when using Cloud storage/computing. Aussi disponible en français. 
 ·  Translate
Add a comment...
 
More details about Nova Scotia's first cyberbullying prevention order

Yesterday, I blogged about the first cyberbullying prevention order issued under Nova Scotia's Cyber-safety Act. (See: Canadian Privacy Law Blog: Nova Scotia court issues first cyberbullying prevention order.)

At that point, all I had to go on was the media reporting. Since then, I've managed to get my mitts on the Order of Justice Robertson, the brief filed by the Nova Scotia Director of Public Safety, the affidavit of Chief Paul, and the affidavit of CyberScan Unit enforcement officer Dana Bowden. No copy of actual decision or reasoning of the judge is available. Hopefully that will be released shortly.

In the past, I've been critical of the over-breadth of the Cyber-safety Act and its definition of cyberbullying that can capture legitimate speech that is protected by the Charter of Rights and Freedoms. Most of the reporting on this case focused on comments that were characterised as harassing. The crown attorney went even further:

'Crown attorney Angela Jones told the court that the comments made by Prosper were “defamatory, vulgar, … abusive and obscene.”'

[None of the comments that I saw met the legal definition of "obscene".]

However, the contents of the affidavit seem to tell a different tale. While certainly the communications that were alleged to have been made by the respondent were what I would call unpleasant, sometimes vulgar and certainly repeated, it also appears to be rooted in questions related to the management of the finances of the Pictou Island First Nation overseen by the complainant. I didn't see any attempt anywhere in the documents to do anything less than shut the respondent down completely. The CyberScan investigator met with the respondent and told him to stop all of his communications with the Chief, not to tone it down.

While this is the first such order, it's a bit disheartening that a statute with the potential to dramatically chill constitutionally protected speech doesn't seem to be applied in a manner to temper this overreach, as was the case when a constituent of Nova Scotia MLA Lenore Zahn was told by the CyberScan Unit to remove tweets that questioned her judgement.
1
1
Lea Kissner's profile photoAdam MacDonald's profile photo
 
Interesting, thank you.
Add a comment...
In their circles
226 people
Have them in circles
408 people
Christopher Troup's profile photo
Dave Tzagarakis's profile photo
Judy James's profile photo
John Colianne's profile photo
 
In case you are interested in seeing how Bill S-4, the Digital Privacy Act, amends the Personal Information Protection and Electronic Documents Act, I've put together a handy redline that shows all the amendments in-place. 
2
4
Gwynne Monahan's profile photoanastasia kiva's profile photoTrevor Tye's profile photoDavid Fraser's profile photo
5 comments
 
i suppose PIPEDA could contain a provision addressing government action. some other Bill, perhaps? something to lobby for by our local MPs? 
Add a comment...
 
U.S. (correctly) identifies some Canadian privacy laws as trade barriers

The United States Trade Representative has released its latest Report on Foreign Trade Barriers [PDF] which specifically identifies certain Canadian provincial privacy laws as non-tariff trade barriers. It points to the public sector privacy laws in British Columbia and Nova Scotia and singles out Canadian federal government procurement of cloud services: ...
2
2
Blair Collins's profile photoDavid Fraser's profile photo
Add a comment...
 
A hint at the extent of warrantless access to customer data in Canada

Earlier this week, the Halifax Chronicle Herald published a story about information that has come to light about the extent to which law enforcement agencies are seeking -- and getting -- access to private information without a warrant. (See Ottawa has been spying on you | The Chronicle Herald [link in blog post])

MP Charmaine Borg tabled a question in Parliament looking for particulars about how often government agencies look for and get information about customers of telecommunications services. Perhaps not surprisingly, CSIS and CSE refused to answer. The RCMP refused to provide information, saying it does not track this information. The full document is available here [PDF].

What is most interesting about the document is the extent that the Canadian Border Services Agency, the organization that polices Canada's borders, asked for and received telco customer information without a warrant. It happened over 18,000 times and telcos refused only a handful of times, mainly if they didn't have the information requested. 

If I had been asked which government agencies seek warrantless access to customer data, I would have put CBSA pretty low on the list and would think they would represent a drop in the bucket. If that's the case, and the "drop in the bucket" is 18,000 requests, we must be looking at a VERY LARGE bucket. 

What's also troubling is that unless charges are laid, nobody ever finds out that their information has been obtained by law enforcement. And, in fact, there's a gag order that would prevent you from getting that information from your telco. I highly doubt that CBSA laid 18,000 charges last year, so there are thousands of Canadians whose information has been accessed and they will never know about it. 

Not surprisingly, some of the best analysis of this comes from Chris Parsons, a post-doctoral fellow at the CitizenLab at the University of Toronto. Read his full discussion of this here: Mapping the Canadian Government’s Telecommunications Surveillance https://citizenlab.org/2014/03/mapping-canadian-governments-telecommunications-surveillance/1/.
1
2
Trevor Tye's profile photoDavid Fraser's profile photo
Add a comment...
 
Nova Scotia court issues first cyberbullying prevention order

A judge of the Nova Scotia Supreme Court has issued the first "Cyberbullying prevention order" under the province's Cyber-safety Act.

The case, as it has been reported, appears to be a classic case of online harassment where the victim reportedly received numerous threatening messages through Facebook. When the user was "blocked", he then repeatedly communicated with the victim's children conveying threatening messages. I haven't seen the actual order yet, but it reportedly orders him to stop "cyberbullying" and communicating with or about the victim. 
One additional point that's worth pondering is that the respondent to the order, who did not appear, is in Ontario which may make enforcing this order under Nova Scotia's unique law a challenge.

From Global TV (the link will also take you to a video where I was interviewed) [link and text in blog post below]:
2
1
David Fraser's profile photo
Add a comment...
 
My rant about Canadian surveillance at the Privacy Day event in Toronto. The link goes to the beginning of my part, but I recommend watching all of the great speakers.
3
2
Jean-Claude Lapointe's profile photoDavid Fraser's profile photo
Add a comment...
People
In their circles
226 people
Have them in circles
408 people
Christopher Troup's profile photo
Dave Tzagarakis's profile photo
Judy James's profile photo
John Colianne's profile photo
Contact Information
Contact info
Phone
+1 (902) 444-8535
Email
Story
Tagline
Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
Introduction
This is the Google+ page for the Canadian Privacy Law Blog, which reports on developments in Canadian privacy law.