The British Columbia Information and Privacy Commissioner has recently published a number of new or updated resources for private sector organizations. These materials are publicly available on the Commissioner’s website and provide a useful education tool (or refresher) for chief privacy officers of organizations who need to address compliance with British Columbia’s Personal Information Protection Act. Read the rest of this entry »
Whose email is it? University does not control personal email of faculty members
May 10th, 2012 | Comments
Eileen Vanderburgh
Who controls the personal email of public body employees on the public body’s email system? Under public sector information and privacy legislation all records, including email, that are in the custody of or under the control of the public body are subject to provisions granting access rights to the public. This issue has been highlighted by a series of orders from provincial Information and Privacy Commissioners considering the status of email files of faculty members at Canadian universities who were involved in grant approval decisions of the Social Sciences and Humanities Research Council (SSHRC). Most recently, the Alberta Court of Queens Bench over-turned a decision of an adjudicator delegated by the Alberta Commissioner who had found that the email communications between a faculty member at the University of Alberta and the SSHRC were under the control of the University and were therefore subject to the access provisions in the Alberta Freedom of Information and Protection of Privacy Act. Read the rest of this entry »
B.C. Supreme Court confirms Commissioner’s jurisdiction to decide questions of solicitor-client privilege
March 30th, 2012 | Comments
Eileen Vanderburgh
The B.C. Supreme Court’s recent reasons in School District No. 49 (Central Coast) v British Columbia (Information and Privacy Commissioner), confirms the Commissioner’s jurisdiction to decide questions of solicitor-client privilege over information in public body records. However, the Court also concluded that the Commissioner incorrectly decided that information about legal accounts paid by the School District in a particular case was not protected by solicitor-client privilege and the Commissioner’s order was set aside. Read the rest of this entry »
Employers’ use of Facebook in the hiring process – it’s not a “like”
March 23rd, 2012 | Comments
Eileen Vanderburgh
Can employers require prospective employees to provide access to their Facebook profiles and accounts? A recent article in the Globe and Mail highlighted a growing trend among U.S. employers to require job applicants to provide their Facebook login and password as part of the application process. Facebook has warned U.S. employers that requiring applicants to provide their Facebook passwords is a violation of the terms of service and illegal under federal law. In light of the recent focus on this issue it is worthwhile to review the privacy obligations of B.C. employers in the hiring process and in particular in the collection of personal information from social media sites. Read the rest of this entry »
Solicitor-client privilege over workplace investigations
March 1st, 2012 | Comments
Eileen Vanderburgh
Public bodies seeking to maintain confidentiality over workplace investigations often retain lawyers to conduct the investigation and report their findings to the public body’s board or other decision-making body. The B.C. Information and Privacy Commissioner’s office has released an order confirming that a report by the City of Fort St John’s lawyers of a workplace investigation into the conduct of the Mayor which included recommendations and advice to City Council was protected from disclosure by solicitor-client privilege. In the Order the adjudicator distinguished the circumstances of the investigation and report from an earlier decision which had found that a lawyer’s factual report of an investigation conducted for the Vancouver School Board was not protected by solicitor-client privilege as it did not contain legal advice. Read the rest of this entry »
B.C. Commissioner issues cloud computing guidelines for public bodies
February 24th, 2012 | Comments
Eileen Vanderburgh
The B.C Information and Privacy Commissioner has issued guidelines for the use of cloud computing by public bodies subject to the Freedom of Information and Protection of Privacy Act (“FIPPA“). The use of cloud computing services raises particular concerns for B.C. public bodies who are subject to the limitations in FIPPA on the storage or access of personal information outside Canada. Under FIPPA, B.C. public bodies are restricted in their ability to store personal information in their custody or under their control outside Canada or to permit access to personal information in their custody or under their control from outside Canada. These restrictions essentially prevent public bodies and companies that provide services to public bodies from using cloud computing services that store personal information outside Canada. Read the rest of this entry »
BC Commissioner limits use of facial recognition technology
February 21st, 2012 | Comments
Eileen Vanderburgh
The B.C. Information and Privacy Commissioner has released an investigation report on the Insurance Corporation of British Columbia’s (“ICBC”) use of facial recognition technology which sets limits on the use of the technology. The Commissioner’s investigation was triggered by ICBC’s offer to use the technology to assist the Vancouver Police department with the identification of individuals involved in the June 2011 Stanley Cup riot. The Commissioner found that ICBC’s use of facial recognition technology for the identification and prevention of fraud in the acquisition and use of drivers licences and B.C. identification cards was authorized under the Freedom of Information and Protection of Privacy Act (“FIPPA“), but found that ICBC was not authorized to use the technology to assist police in a criminal investigation without a warrant, subpoena or court order. The report also reviews ICBC’s privacy management program and makes recommendations for improvements which are of general application to all public bodies subject to FIPPA and to private sector organizations governed by the Personal Information Protection Act (“PIPA“).
Google’s New Privacy Policy
February 7th, 2012 | Comments
Bob Pakrul
In late January, 2012 Google announced that it will be harmonizing its 60 different privacy policies into one policy which will apply across all Google products, including Gmail and YouTube. The intended inplementation date is March 1, 2012. Since then the reaction has been less than positive, with many commentators and regulators questioning Google’s plans to compile and link data together from multiple sources, effectively compiling a super-profile of the individual which could be of higher value in profiling and advertising. It is not clear if a viable opt-out option will be available to those wish to avoid this type of data linkage but still desire to use one or more of the many on-line products controlled by Google. The proposed new Google privacy policy can be found here. Read the rest of this entry »
