Canadian Lawyer InHouse

Dec/Jan 2011

Legal news and trends for Canadian in-house counsel and c-suite executives

Issue link: https://digital.canadianlawyermag.com/i/50876

Contents of this Issue

Navigation

Page 26 of 39

INDUSTRY SPOTLIGHT Privacy row Canada's privacy regulators try to keep up with new technologies and cross-border data transfers. By Paola Loriggio Ten years ago, when Canada's private-sector privacy law passed, e-commerce was barely hitting its stride, smartphones were still in their infancy, and hardly anyone outside of IT depart- ments had heard of cloud computing. These days, of course, the world runs on information, with companies constantly using and transmitting data captured from customers and employees. As busi- nesses stake out new markets around the world, those data follow, transferred to, say, a sister company in New York City or a third-party service provider in Bangalore, India. Canada's privacy regulators are striving to keep up with the new business land- scape, investigating, for example, a web site that outsourced its e-mail operations to a U.S. firm, and a security company's deci- sion to merge its Canadian and American customer databases. Meanwhile, more and more governments around the world are regulating the use and flow of infor- mation, some with omnibus data-pro- tection laws, others with sector-specific requirements. It's no surprise, then, to see companies wrestle with diverging and sometimes conflicting privacy and data-protection requirements as they conduct business around the globe. Take Research In Motion Ltd., the Waterloo, Ont.,-based technol- ogy giant best known for the BlackBerry. This summer, the United Arab Emirates, Saudi Arabia, and India threatened to block some BlackBerry services unless the company allowed their governments to monitor user messages. RIM's trans- ferring of data offshore, regulators said, compromised national security. The com- pany eventually agreed to grant authori- ties access to some data, though details of the arrangements weren't disclosed to the public. Privacy experts and smartphone users worldwide followed the negotiations, widely considered to set a new precedent for mobile data protection. While no single decision or ruling has revolution- ized the transfer of data across borders so far, each new development adds to the tapestry of regulations and best prac- tices, says Duncan De Chastelain, gen- eral counsel for GE Money's Canadian operations. "It's a series of decisions that, over time, are sort of building a sense of greater awareness of global data traffick- ing and what, globally and nationally, are the requisite standards that need to be in place," he says. As it is, Canada's privacy system is "gaining currency worldwide as an excel- lent model for privacy legislation," says Adam Kardash, head of Heenan Blaikie LLP's national privacy and information management group. The federal private- sector law, the Personal Information Protection and Electronic Documents Act, took effect in stages starting in 2001, and shifts the main responsibility for safeguarding data from the consumer to the organization gathering and using the information. PIPEDA forces organiza- tions to obtain consent before collecting, using or disclosing personal information. Quebec, Alberta, and British Columbia each boast their own private-sector pri- vacy laws, deemed "substantially similar" to PIPEDA; some provinces, including Ontario, have a separate health informa- tion act, which applies to some private- sector activities. "Many companies in Canada transfer their data, including personal informa- tion, across borders every day of their operations — and generally, they would be permitted to do so under applicable privacy legislation," says Kardash. "There's certainly responsibility on the company to ensure that [its] data is safeguarded, and this becomes more difficult as the data of a Canadian company resides with service INHOUSE DECEMBER 2010/JANUARY 2011 • 27

Articles in this issue

Archives of this issue

view archives of Canadian Lawyer InHouse - Dec/Jan 2011