Updated on June 26, 2014, at 2:38pm: We just had a great Twitter chat with outgoing Ontario Privacy Commissioner Ann Cavoukian, John Lawford of the Public Interest Advocacy Centre, and Monica Goyal of Aluvion Law. Thanks to all who participated, and read on below for our recap of the chat!
Privacy, data, and the protection of personal information have been hot button issues for a while now. But lately, with the introduction of a new bill called the Digital Privacy Act, plus the appointment of a new federal privacy commissioner, there’s been a lot more buzz around privacy and what it has come to mean in Canada.
We’re holding a Twitter chat on Thursday, June 26 at 1 p.m. ET, running until 2 p.m., at the hashtag #ITBprivacy. We’ll be discussing the direction Canada is taking in its privacy legislation. If you’re on Twitter, we’d love it if you joined us!
We’re excited to announce we’ll be tweeting with a special guest expert – Ann Cavoukian, the information and privacy commissioner of Ontario. She is the creator of the mantra, “Privacy by Design,” which says that we can protect privacy by embedding it into the designs of our technologies, business practices, and physical infrastructures. The principle of Privacy by Design has gained recognition worldwide, and is now considered a global privacy standard.
Cavoukian will release her annual report on the state of privacy this month, making it her last report before she concludes her third and final term as Ontario’s privacy commissioner. She will be moving to a new role as the executive director of the Ryerson University Institute of Privacy and Big Data on July 1, 2014.
We’re also pleased to have two guest experts joining us for the chat:
- Monica Goyal, founder and principal of Aluvion Law. Goyal has a background in both engineering and law, and her practice now focuses on both law and technology. She regularly blogs for ITBusiness.ca on privacy, legislation, social media, and ways tech companies can establish themselves as corporations. You can find her on Twitter at @monicangoyal.
- John Lawford, executive director and general counsel of the Public Interest Advocacy Centre (PIAC). First founded in 1976, his group focuses on advocating for consumer interests in areas of public services, including privacy, telecommunications, finance, and energy. He will be tweeting from @CanadaPIAC as a second-time Twitter chat guest expert.
Q1. What responsibilities do businesses have to protect customers and consumer privacy?
A1 Businesses should seek to build trust w/ their customers by protecting their personal info. This can create a privacy payoff. #ITBprivacy
— IPC Ontario (@IPCinfoprivacy) June 26, 2014
A1: Businesses can’t use or disclose consumers information without their Knowledge and Consent #ITBprivacy — Monica Goyal (@MonicaNGoyal) June 26, 2014
A1- Even if they have your consent, they can only disclose personal info if a reasonable person would find it appropriate #ITBprivacy
— PIAC (@CanadaPIAC) June 26, 2014
I think businesses must keep my info private, and if its lost, disclose that info to me so I can take protective measures #itbprivacy #tech — Mat Pancha (@mpancha) June 26, 2014
Q2. What measures can businesses take to protect customers and consumer privacy?
A1 If you embed privacy as a default setting, you can offer your customers a privacy assurance & build a long relationship. #ITBprivacy
— IPC Ontario (@IPCinfoprivacy) June 26, 2014
SMBs shoudl first organize their data in appropriate systems first. While doing so, adopt appropriate policies. #ITBprivacy — David Chabot (@ExoChabot) June 26, 2014
2. A2-It’s good practice to be transparent about probs and asking for new consent if changes or new handling occur #ITBprivacy
— PIAC (@CanadaPIAC) June 26, 2014
A2: Have a clear policy for your customers on how you protect their info and under what circumstances you will disclose. #ITBprivacy — Monica Goyal (@MonicaNGoyal) June 26, 2014
A2 Implementing the 7 Foundational Principles of Privacy by Design will ensure the customer privacy & control of their info #ITBprivacy
— IPC Ontario (@IPCinfoprivacy) June 26, 2014
Link: http://t.co/YGzF1NFjDW RT @IPCinfoprivacy: the 7 Foundational Principles of Privacy by Design will ensure privacy #ITBprivacy — Brian Jackson (@brianjjackson) June 26, 2014
Q3. Right now, it’s not mandatory for businesses to report a data breach. How effective would this be to protect privacy?
A3-Very helpful! All #databreaches should be reported –and reported to the privacy commissioner #ITBprivacy
— PIAC (@CanadaPIAC) June 26, 2014
A3: Duty to report not as important as duty to protect, including duty to detect breaches. #ITBprivacy — Monica Goyal (@MonicaNGoyal) June 26, 2014
@itbusinessca @IPCinfoprivacy Good consumer privacy creates trust and a strong reputation w/the public. #itbprivacy
— Nova Scotia Legal (@nslegal) June 26, 2014
A3-#PIAC recently testified on mandating #databreach reporting for #BillS4. Check it out http://t.co/2qtme3OwNQ #ITBprivacy — PIAC (@CanadaPIAC) June 26, 2014
A3: Duty to report must not be crafted to incentivize ignorance. Legislation should incentivize early reporting of breaches. #itbprivacy
— Monica Goyal (@MonicaNGoyal) June 26, 2014
Q4. How effective will CASL and anti-spam laws be to protect consumer privacy?
Q4 I firmly believe consumers should be able to opt-in as the default, not opt-out. Consumers should always have the choice. #ITBprivacy — IPC Ontario (@IPCinfoprivacy) June 26, 2014
#CASL & other #antispam legislation wont help. It just means you need my permission to contact me, not protect my contact info. #itbprivacy
— Mat Pancha (@mpancha) June 26, 2014
A4-Very effective. #CASL will bring back control to consumers. Businesses must simply adapt. #ITBprivacy — PIAC (@CanadaPIAC) June 26, 2014
One way #CASL protects privacy is by preventing third-parties accessing an email list and marketing to them without permission #ITBprivacy
— IT World Canada (@itworldca) June 26, 2014
A4: Two Acts have different purposes 1. CASL to limit unsolicited communications 2. to protect your personal info -overlapping?#itbprivacy — Monica Goyal (@MonicaNGoyal) June 26, 2014
Separate #CASL from Privacy. Privacy under leaders like @AnnCavoukian is valuable. #CASL is just bureaucracy gone wild. #itbprivacy
— Jim Love (@CIOJimLove) June 26, 2014
Q5. The Supreme Court has ruled ISPs can’t give customer data to the police without a warrant. What does this mean for privacy?
Q5 I was thrilled by this unanimous decision by the Supreme Court of Canada. A true victory for privacy! #ITBprivacy — IPC Ontario (@IPCinfoprivacy) June 26, 2014
Q5 Our Charter says we have the right “to be secure against unreasonable search and seizure,” This decision supports that right. #ITBprivacy
— IPC Ontario (@IPCinfoprivacy) June 26, 2014
A5: The court indicated we have an expectation of privacy online, and new laws will have to be balanced against that. #itbPrivacy — Monica Goyal (@MonicaNGoyal) June 26, 2014
A5-Decision – called Spencer – does not establish right to Internet anonymity but makes police use warrant to investigate #ITBprivacy
— PIAC (@CanadaPIAC) June 26, 2014
Need a warrant to get my data. You can’t escape the constitution! Is this a great country or what? #itbprivacy — Jim Love (@CIOJimLove) June 26, 2014
Q5 This decision confirms we can & must can have both security & privacy. It is not an either/or proposition. #ITBprivacy
— IPC Ontario (@IPCinfoprivacy) June 26, 2014
@IPCinfoprivacy in today’s world you can’t have privacy without security. Malicious individuals will always want our data #ITBprivacy — Andrew Love (@Andrew_ZER0) June 26, 2014
Very Helpful. #itbprivacy pic.twitter.com/KDg7nDhsPO
— Jeff Radecki (@JeffRadecki) June 26, 2014
Q6. If passed, the Digital Privacy Act will allow companies to hand over customer data without consent or a court order. Thoughts?
A6-It’s an unnecessary invasion of people’s #privacy by corporations #ITBprivacy — PIAC (@CanadaPIAC) June 26, 2014
Digital Privacy Act won’t stand a constitutional test. @itbusinessca #itbprivacy
— CMO Digital (@cmodigital) June 26, 2014
A6: ISPs sharing data with the government is troubling, the DPA lets them share it with private organizations! #ITBprivacy — Monica Goyal (@MonicaNGoyal) June 26, 2014
A6-It allows for corporate spying – see more on our testimony on #BillS4 http://t.co/2qtme3OwNQ #ITBprivacy
— PIAC (@CanadaPIAC) June 26, 2014
@itbusinessca might as well rename it to “Digital Publicity Act” because that is not privacy. #ITBprivacy — Andrew Love (@Andrew_ZER0) June 26, 2014
Here’s the @mgeist take on what happened in the Senate committee http://t.co/pSPlayhJep #itbprivacy
— Brian Jackson (@brianjjackson) June 26, 2014
Q7.The “Protecting Canadians from Online Crime Act” has been critiqued as organizations could reveal consumer data without a warrant. Thoughts?
A7: I’ve dealt with cyberbullying cases and victims are frustrated by the current system. #ITBprivacy (1/2) — Monica Goyal (@MonicaNGoyal) June 26, 2014
A7: Is the solution to give police unfettered access? There needs to be a balance. #ITBprivacy 2/2
— Monica Goyal (@MonicaNGoyal) June 26, 2014
.@MonicaNGoyal I agree about having a balance. Such a simple word, yet to complicated to implement. #ITBprivacy — KetevanNatsvlichvili (@KetevanN) June 26, 2014
A7 Bill C-13 is a surveillance wolf in sheep’s clothing. It should be split in two. #ITBprivacy
— IPC Ontario (@IPCinfoprivacy) June 26, 2014
This isn’t the first time government has tried to package warrantless disclosure in a bill #itbprivacy — Brian Jackson (@brianjjackson) June 26, 2014
.@IPCinfoprivacy: Exactly! #BillC13 should be changed to remove inappropriate corporate immunity #ITBprivacy
— PIAC (@CanadaPIAC) June 26, 2014
A7 Just the 1st 6 pages of this 53-page bill deal with cyberbullying! #ITBprivacy — IPC Ontario (@IPCinfoprivacy) June 26, 2014
Q7 I object to the blanket immunity provision. It sends the wrong message about accountability & sweeping surveillance practices #ITBprivacy
— IPC Ontario (@IPCinfoprivacy) June 26, 2014
A7 – The bill is certainly better than C-30, but the government should re-read the Spencer decision and start again. #itbprivacy — David T.S. Fraser (@privacylawyer) June 26, 2014
A7 – Companies should now know they can’t lawfully disclose this info, so the immunity offered is illusory #itbprivacy
— David T.S. Fraser (@privacylawyer) June 26, 2014
Q8. Daniel Therrien’s appointment as privacy commissioner has been controversial. Is someone embedded in government suitable as a watchdog?
A8: I don’t like to expand credentialism, but it might help shield us from cronyism. Is he there to serve Canadians, or the PM? #itbprivacy — Monica Goyal (@MonicaNGoyal) June 26, 2014
A8 – It doesn’t disqualify anyone. Initial questions were legit. But I can see him being effective in the role #itbprivacy
— David T.S. Fraser (@privacylawyer) June 26, 2014
A8 I had some concerns w/ the optics of the app. process, I applaud Therrien for the way he has voiced concerns about C-13 #ITBprivacy — IPC Ontario (@IPCinfoprivacy) June 26, 2014
@CanadaPIAC No doubt. The process for all Parliamentary officers shld be robust, transparent and able to stand up to scrutiny. #itbprivacy
— David T.S. Fraser (@privacylawyer) June 26, 2014
Q9. In a time when it’s getting harder to protect our privacy, what tips can you share for safeguarding personal data?
MOST definitely! RT @CanadaPIAC: A9-Take the time to maximize privacy settings on social media #ITBprivacy — Michelle Warren (@MichelleWarren1) June 26, 2014
A9-Disable location information in apps that don’t need it #ITBprivacy
— PIAC (@CanadaPIAC) June 26, 2014
A9: Be aware of what data you share. Most browsers have a privacy mode that limits cookies. http://t.co/0ifjPRfflK #itbPrivacy — Monica Goyal (@MonicaNGoyal) June 26, 2014
A9-If concerned, request your info from companies and orgs – you can do that here: http://t.co/GH0i0DcXQx #ITBprivacy
— PIAC (@CanadaPIAC) June 26, 2014
A9-Reduce your sharing of personal info online #ITBprivacy — PIAC (@CanadaPIAC) June 26, 2014
@itbusinessca A9 Don’t give your passwords to others and change them often #itbprivacy
— Nova Scotia Legal (@nslegal) June 26, 2014
I’m just never sure how much I should share on Facebook, Twitter, etc. Like when does it get too personal? Hard judgement call #itbprivacy — Candice So (@candice_so) June 26, 2014
.@CanadaPIAC Value your privacy, don’t accept that your flashlight app needs access to your call history. #itbprivacy
— Monica Goyal (@MonicaNGoyal) June 26, 2014
A9 Always keep in mind the five W’s when asked to disclose your personal information: (cont.) #ITBprivacy — IPC Ontario (@IPCinfoprivacy) June 26, 2014
A9 Who wants it and who will have access to it? Why do they want it? What will it be used for? #ITBprivacy (cont.)
— IPC Ontario (@IPCinfoprivacy) June 26, 2014
A9 Where will your information be stored? When will your information be used and when will it be discarded? #ITBprivacy — IPC Ontario (@IPCinfoprivacy) June 26, 2014
Here’s a story we did about protecting your online privacy – 5 good tips http://t.co/2ZOBgSEHMR #itbprivacy
— Brian Jackson (@brianjjackson) June 26, 2014
A9: Other apps can help identify gaps in your systems http://t.co/Xj7xA431X5 and http://t.co/CPc9vkbj5i #itbprivacy — Monica Goyal (@MonicaNGoyal) June 26, 2014
A9 – You don’t have to be paranoid. Sharing is often good for us, for community and society. But make informed decisions. #itbprivacy
— David T.S. Fraser (@privacylawyer) June 26, 2014
@privacylawyer #itbprivacy unfortunately control is being exchanged for convenience and laziness sometimes. — Hunimano Coelho (@hunicoelho) June 26, 2014
@hunicoelho If you don’t exercise control, you’re letting others make decisions for you. #itbprivacy
— David T.S. Fraser (@privacylawyer) June 26, 2014
Q10. What can Canadians do to demand more privacy protection from the public sector?
A10-Support reform of the Federal Privacy Act #ITBprivacy — PIAC (@CanadaPIAC) June 26, 2014
A10-Vote for parties that promise to keep government out of citizens’ internet accounts #ITBprivacy
— PIAC (@CanadaPIAC) June 26, 2014
A10 Canadians can choose to support services & companies that make privacy protection a priority. #ITBprivacy — IPC Ontario (@IPCinfoprivacy) June 26, 2014
Worth looking at @OpenMedia_ca petition against government spying and warrantless disclosure https://t.co/mjFhtEoeuo #itbprivacy
— Brian Jackson (@brianjjackson) June 26, 2014
.@itbusinessca: send a note to Mr. Therrien – he will use it – send a note to the ETHI Committee in House Commons #ITBprivacy — PIAC (@CanadaPIAC) June 26, 2014
A10 – Bring it up as an issue with MPs. Too many politicians think this issue doesn’t swing any votes. #itbprivacy
— David T.S. Fraser (@privacylawyer) June 26, 2014
A10: Keeping these discussions going, and staying aware of privacy is important 🙂 #itbprivacy — Monica Goyal (@MonicaNGoyal) June 26, 2014
A10 Chats like this are a great place to start. Raise awareness and discuss the issues. Digital picketing for a digital concern #ITBprivacy
— Andrew Love (@Andrew_ZER0) June 26, 2014
And for a full list of the Twitter chat topics we’ll be covering, up until Sept., see this link http://t.co/VuoM14VE5K #itbprivacy — IT Business Canada (@itbusinessca) June 26, 2014