The Privacy Law section of the Canadian Bar Association (New Brunswick) is organizing a one-day professional development event on the province's new health privacy legislation. The keynote speaker will be Anne Cavoukian, speaking on her experience with PHIPA in Ontario.

More details here: CBA - An Introduction to the Personal Health Information Privacy and Access Act.

Add the event to your calendar: .

A long-time friend of this blog just recently sent me a link to a new decision from the British Columbia Supreme Court (R. v. Pickton, 2010 BCSC 1198 ), in which the Court was asked to issue a publication ban to protect the identity of an individual witness for reasons of privacy.

The individual applicant had previously been a sex worker and drug addict. In 1997, police laid a charge against Robert Pickton, alleging that he had attempted to murder her but the prosecution was discontinued. Her evidence is relevant in the current proceeding against Robert Pickton. No publication ban was entered at the time of the 1997 prosecution.

Since then, the applicant has left the sex trade and is no longer a drug user. She is married, has kids and appears to be living a normal life in the lower mainland of British Columbia.

She brought an application to prevent her name from being disclosed during the current prosecution of Pickton. The application was strongly opposed by the media.

When dealing with publication bans, the courts take their lead from Dagenais v. Canadian Broadcasting Corp., [1994] 3 S.C.R. 835, 1994 CanLII 39 (S.C.C.) and R. v. Mentuck, 2001 SCC 76, [2001] 3 S.C.R. 442, neither of which explicitly address privacy interests.

A publication ban should only be ordered when:

(a) such an order is necessary in order to prevent a serious risk to the proper administration of justice because reasonably alternative measures will not prevent the risk; and

(b) the salutary effects of the publication ban outweigh the deleterious effects on the rights and interests of the parties and the public, including the effects on the right to free expression, the right of the accused to a fair and public trial, and the efficacy of the administration of justice.

In this case, the media argued that the applicant was only "about embarrassment and nothing more". They suggested that her interests could be protected by changing her name.

Justice Williams did not agree:

[20] I am satisfied that the Applicant will suffer a significant breach of privacy if her name is not protected by a publication ban and that this impacts on her personal security and that of her family. The privacy interests of the Applicant are a legitimate aspect of the proper administration of justice and must be considered in the analysis. The Respondents’ submission that the Applicant’s privacy interests are insufficient seems contrary to a number of authorities including the Criminal Code provisions which deal with publication restrictions for victims and witnesses. These provisions expressly recognize the privacy interests of the victims and witnesses. The concept of dignity springs to mind. Although it is nowhere mentioned in the subsection, I cannot believe that it is not a factor worthy of some consideration in the analysis.

Given that the media are free to report on all the details of her previous encounter with Pickton and of any evidence she has given more recently, but without her name, the balance tilted in favour of protecting her identity.

[28] The Applicant, having participated in the proceedings against Mr. Pickton requests that she be able to live in her community free from the public scrutiny that will arise if her name and identity are published. She does not seek to prevent the details of her story from being published. In my view, granting the Applicant’s request achieves the proper balance that the Dagenais-Mentuk framework requires between the open court principle and the proper administration of justice. The temporary publication ban which has thus far protected the Applicant has been shown to minimally impair the ability of the Respondents to perform their function. The publication ban respects the open court principle and allows the public to scrutinize this proceeding. The publication ban protects the proper administration of justice because it permits the Applicant’s story to be told in a way that illustrates that the justice system respects, where possible, the privacy interests of victims and witnesses of crime.

Labels: criminal law, privacy, publication bans

This is the first Canadian case of "medical identity theft" or impersonation that I've seen widely reported:

CBC News - Calgary - Mistaken identity case sparks investigation

Alberta's privacy commissioner has announced an investigation into the "Golo" identity case.

Golo is the nickname of a man who was admitted into Foothills Hospital, died on May 21, 2009, and then was buried in a Calgary cemetery, all under someone else's identity.

He allegedly used an Alberta Health Care card stolen from a casual acquaintance.

The investigation will examine "what steps are reasonable to take to ensure health information is accurate and complete before it is used by a health services provider," according to a news release from the information and privacy commissioner's office.

A report will be released to the public once the investigation is completed.

Calgary police are still trying to determine Golo's identity.

You may recall that last year, following a high-profile complaint made against Facebook by the Canadian Internet Policy and Public Interest Clinic, the Privacy Commissioner of Canada gave Facebook a year to get its house in order. In particular, the social networking site told the Commissioner that it would take about a year to address issues regarding third party applications on the Facebook platform and the handling of accounts of deceased users.

A year has passed and the media are reporting that there may be a showdown brewing. It is suggested that if the Commissioner is not satisfied with what Facebook is doing today, it's off to court: Privacy czar set to hand down Facebook ruling.

I'm not sure it's as dire as that, but it will be interesting to see what transpires in the coming days.

It should also be borne in mind that the Commissioner is an ombuds(wo)man. If she goes to court, it's a de novo hearing, so the matter starts all over at the very beginning. Factoring in "Internet time", what Facebook was doing a year ago seems like pre-history.

Update: CIPPIC says that Facebook still falls short of its Canadian obligations, according to an article at ITBusiness.ca.

Labels: facebook, privacy

Elizabeth Denham, former Assistant Privacy Commissioner of Canada was recently interviewed by itbusiness.ca saying that the Federal Commissioner's office may need augmented powers to deal with privacy enforcement in the modern age. The OPC has hired two academics to re-examine the ombudsman model that the office currently follows and to look at alternatives.

See the article and video interview here: Privacy watchdog needs sharper teeth.

According to Spiegel, the German government is currently working on an addition to the country's data protection laws that will prevent employers from using Facebook to screen prospective employees, but most other internet-derived information will be fair game:

Saving Jobseekers from Themselves: New Law to Stop Companies from Checking Facebook Pages in Germany - SPIEGEL ONLINE - News - International

But those Facebook users hoping to apply for a job in Germany should pause for a moment before they hit the "deactivate account" button. The government has drafted a new law which will prevent employers from looking at a job applicant's pages on social networking sites during the hiring process.

According to reports in the Monday editions of the Die Welt and Süddeutsche Zeitung newspapers, Interior Minister Thomas de Maizière has drafted a new law on data privacy for employees which will radically restrict the information bosses can legally collect. The draft law, which is the result of months of negotiations between the different parties in Germany's coalition government, is set to be approved by the German cabinet on Wednesday, according to the Süddeutsche Zeitung.

Although the new law will reportedly prevent potential bosses from checking out a candidate's Facebook page, it will allow them to look at sites that are expressly intended to help people sell themselves to future employers, such as the business-oriented social networking site LinkedIn. Information about the candidate that is generally available on the Internet is also fair game. In other words, employers are allowed to google potential hires. Companies may not be allowed to use information if it is too old or if the candidate has no control over it, however.

The Privacy Commissioner of Canada just recently announced a settlement has been reached in its application to the Federal Court to stop Canad Corporation of Manitoba from ID-swiping patrons of its nightclubs. This followed an investigation by the OPC that recommended the practice be terminated and that the data collected be destroyed. Canad refused to follow the OPC's advice, so the Commissioner commenced an application to the Court to have the matter dealt with there.

Labels: id swiping, privacy

Dan Michaluk has a good summary of a very recent Federal Court of Canada case that found an access request (and the right to bring an application to the court) survives the death of the relevant individual. See: Case Report – Federal Court addresses effect of requester’s death on a denied access request � All About Information, about Canadian Association of Elizabeth Fry Societies v. Canada (Public Safety and Emergency Preparedness), 2010 FC 470 (CanLII).

The US State Department is wading into the Blackberry security debate already discussed below. They hope to reach a compromise, which hopefully will not compromise the security of the devices. See: State Dept. wades into foreign BlackBerry ban.

According to the New York Times, the United Arab Emirates is poised to ban e-mail and internet use on Blackberry devices for "security issues". The security issue is that the devices are too difficult to monitor. See: U.A.E. Is to Bar BlackBerry E-Mail Over Security Issues - NYTimes.com.

According to the Washington Post, the Obama administration is seeking to expand (or "clarify") the authority of the FBI to seek web-surfing records with a national security letter. The current law allows the FBI to require the production of "transactional" information without a warrant but not content information. The FBI is of the view that the current statute allows them this authority, but want it clarified to avoid "unnecessary litigation". See: White House proposal would ease FBI access to records of Internet activity.

The Canadian Bar Association's National Privacy and Access Law Section has organized what I expect will be one of the premier continuing education events in Canada for privacy and access specialists on September 19/20 in Ottawa.

The program is awesome, covering both access to information and privacy.

Speakers include Federal Privacy Commissioner Jennifer Stoddart, Federal Information Commissioner Suzanne Legault, Alberta Commissioner Frank Work, BC Commissioner Liz Denham, Nova Scotia's Dulcie McCallum, Saskatchewan's Gary Dickson, Quebec's Jacques Saint-Laurent. Private sector speakers are a who's who of privacy law.

More info here: CBA - Privacy and Access Rights in the Age of Technology: The State of Canadians’ Information Rights in 2010 and Beyond.