On June 18th, the federal Commissioner, along with numerous
other privacy commissioners, published a joint letter to Google Inc., urging the company
to respond to questions and concerns related to Google Glass, the
company's new Internet-connected glasses.
"Google Glass raises significant privacy issues and it is
disappointing that Google has not engaged more meaningfully with
data protection authorities about this technology. We are urging
Google to take part in a real dialogue with us about Google
Glass," stated Commissioner Stoddart.
In addition, the federal Privacy Commissioner recently issued a
position paper, which recommends that she have
increased authority; for example, to issue fines (or administrative
monetary penalties) or to issue binding orders under
The Commissioner has also proposed that PIPEDA be amended
to empower a Court to order statutory damages for certain
contraventions. Pursuant to this model, damages would be awarded
for contraventions of certain PIPEDA provisions,
without the requirement for a claimant to prove actual loss
stemming from the contravention. A range of damage awards
could be prescribed, setting out minimum and maximum amounts for
contraventions of specific provisions. Within that range, courts
would be able to assess damages based on a number of explicit
factors to be taken into consideration.
Meanwhile, Private Member's Bill C-475, which, among
other things, would amend PIPEDA to require organizations
to notify the Commissioner of information security breaches
involving a possible risk of harm to an individual, still has not
passed Second Reading in the House of Commons. The previous
government Bill C-12, which (among other things) also would amend
PIPEDA to require notification of information security
breaches in some circumstances, remains in limbo.
The federal Privacy Commissioner also issued her Annual Report to Parliament 2012 this
month. Highlights from the Annual Report include:
220 complaints were accepted by the OPC for formal
investigation in 2012. 138 complaints were accepted for early
resolution in 2012. Only 23 of the complaints accepted for early
resolution were unresolved through that process and were referred
Of the 220 complaints accepted for investigation by the OPC in
2012, only 5 were deemed "well-founded and
The OPC received 33 voluntary notifications of an information
security breach in 2012. 58 % of these notifications came from the
financial industry (next highest was telecommunications, at 9%).
The Commissioner commended the privacy officers of federal
financial institutions for providing this voluntary notification to
The Commissioner provided some examples of interesting
complaint matters, such as a complaint against Facebook for
refusing to notify individuals "friended" by an imposter
account relating to a teen-aged girl. Facebook had been quick to
remove the imposter account when notified by the girl's mother
about the imposter account, but did not consider it appropriate for
Facebook itself to notify those "friended" by the
imposter account. Ultimately, Facebook agreed, going forward, to
facilitate a process whereby non-users could themselves notify
people "friended" by the imposter, in order restore their
own online reputation.
The Commissioner described an investigation the OPC had
undertaken regarding a Canadian franchisee of a USA-company who had
used a spyware application called "Detective Mode" to
covertly trace laptop computers that had been leased to customers.
The Commissioner found the use of the spyware overly intrusive of
customer privacy, and the OPC was ultimately able to reach a
consensual resolution of the issue with the franchisee.
The Commissioner commended LinkedIn for its swift due diligence
and accountability in responding to the June 2012 cyber-attack on
The Commissioner noted that, despite the concerns raised by the
OPC and by several privacy commissioners around the world regarding
has it indicated that it will do so.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Last Thursday, Canadian Securities Administrators issued a Staff Notice to provide reporting issuers with guidance for compliance with continuous disclosure obligations regarding cybersecurity risks and incidents.
Recent enforcement action by the Canadian and Australian Privacy Commissioners and the United States Federal Trade Commission provides important guidance for compliance with personal information protection laws.
In the 2002 thriller Minority Report, the pre-crime unit of the Washington police force could lawfully arrest suspects for future criminal activity based on the foreknowledge of certain psychic "pre-cogs" prior to any crime actually being committed.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).