Slashdot Mirror
Canadian Privacy Act
Nos. writes "Yesterday, I happened upon an Act that came into effect in Canada on January 1, 2004. The Personal Information Protection and Electronic Documents Act protects almost every bit of personal information not publicly available. For example, your name, race, date of birth, income, etc. are protected where your address and telephone number are not (these are generally available in the telephone book). Some of the more interesting parts of the faq include such wonderful things as: '[businesses must] supply you with a product or a service even if you refuse consent for the collection, use or disclosure of your personal information unless the information is essential to the transaction'. Definitely a step in the right direction."
Am I the only one who just spits out a random string of numbers when they ask for phone number or zip code info at the checkout?
This looks like a good thing. However, in a quick glance-through of the act, I didn't see anything dealing with information already collected.
Or if governmental agencies' practices are also influenced by the act.
RD
This could outlaw "drive-by" installs of spyware in Canada.
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
Yeah... and we've got HIPAA for medical privacy here in the US yet, when I visited the doc's last, I found that he had installed a RF wireless keyboard that uses one of eight selectable encryption keys.
Privacy is impossible if one is to interface with the digital world.
Life is the leading cause of death in America.
For example, your name, race, date of birth, income, etc. are protected where your address and telephone number are not.
How are they going to call you without your name?
[businesses must] supply you with a product or a service even if you refuse consent for the collection, use or disclosure of your personal information unless the information is essential to the transaction.
This is likely more toothless than you would think - or at least, if this were U.S. law, it would be - because things like your SSN, date of birth, or mother's maiden name would be described by the service provider as "necessary" because they "need" to do a credit check on you.
2) if this is bullshit, then it is nothing but a pr stunt.
i am feeling awfully cynical today. sardonic too, with a splash of "eat shit and die, big brother".
btw, how will this be protected? what happens if a multinational corporation keeps information gathered in your country in a different country?
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
I don't even have to review the legislation to know that no matter how it is written, CSIS, the RCMP, and your local cop shop will ignore it if they feel the need.
Your SIN is private, right? HEH. Nope. Now it's linked in government databases to everything. As someone who once had complete and total access to several sensitive (welfare client info) government databases - and was challenged appropriately by only ONE of dozens of sysadmins - I don't trust the government to protect a pile of dog feces.
wtf, infomation that is not publicly available bla bla...isn't the privacy problem, in part, determining what in fact is infomation that should be public? Or is the phonebook company up there publicly owned? What if any ol business decided to make your infomation public, then, according to the post, it is available for any other business to post.
Error: Id10t detected
This, I feel, is precisely why it should not be necessary to make a law forcing business into the practice of selling to anonymous individuals. At any rate, in my experience, most of the reason that companies need all that information is to comply with existing government regulations that they must collect that information, or obvious reasons that make collecting the information applicable to the product that is being sold (for example, so that they can send you bills for a service you are buying). If a company demands information that I do not wish to give, I generally go somewhere else. Furthermore, I am never comfortable with laws telling people who they must or must not do business with.
I was at a Honda dealer trying to get service for my car, and when they asked for my address, I told them I didn't want any junk mail.
They were flustered. They said there was no way to put me into the system without getting on a marketing list. Eventually I gave them a fake address.
Go Canada. Stop this abuse.
One of our hosting providers dealt with this issue. They had to send physical mail to each person to have them sign a release opting-in to their mailing list. Not spam, mind you, but system messages that they were relying on.
:)
I like the idea, but this creates a lot of work too. For the unemployed, though, I guess that doesn't always sound like a bad thing.
Why is everyone asking if this is real? Do you think there are no laws in canada?
My employer has been spending a few weeks getting all ouf our information complaint with this act, and pulled me off the phones for an information session.
And tech support centers don't do things like that unless they are required to by law.
Dunno if you're being sarcastic or not, but I seriously had them refuse to sell me an AA battery, paying with cash, because I wouldnt give them all that info.
I said "man, I dont have time for this, I'm trying to catch a train. I just need a battery for my walkman "
And the guy said "Sir we cant sell anything without this information."
I put the cash on the counter and the battery in my pocket, and said "whatever keep the change" and the guy threatened to call the cops.
Radio Shack == fucked up.
I don't need no instructions to know how to rock!!!!
Some provisions make it relatively easy to sue companies for violating the strictures. It does look as though companies are taking it fairly seriously.
For example, you know those "preferred customer" cards that most stores have? Well, the pharmacies at stores in Canada are refusing to take them, because of the possibility that the marketing info from the cards could be correlated with your prescription information. They have big signs up to this effect in the stores in my area, and they say this is to comply with the law.
And Safeway (perhaps others as well) is hoping to develop a generic coupon system so you can get credit for the pharmacy purchases later. I suppose they'll hand you the coupon with your prescription, and you can present it at the cash register at a later date, so there's no way to correlate the pharmacy purchase with the money. They already do this with a couple of other things, so it wouldn't show as pharmacy purchases. Not really sure though.
A witty saying is worth nothing - Voltaire
Being a Canadian, and being an advocate for privacy, I've always been fighting Banks and other companies about how they collect and 'store' my information without impacting my service. X Bank recently sent me a letter stating that if I didn't approve of their using my personal information, it could impact their ability to provide me services. (x = big non-customer focused bank).
I promptly forward this to the Privacy office who responded back in just a week to both me and the X Privacy Department that:
a) The Privacy Commission's opinion was that letter X sent to me implies that if I don't agree to let them collect information, I loose services. It then scolded X for forcing clients to agree to the new policy. Fork 1, X 0.
b) X was warned to revise the letter to adhere to the new policy. Fork 2, X 0.
c) X was to clarify their communications to the customers on what they mean by 'reduced services.' Fork 3, X 0
d) X was to inform their clients of this new policy ASAP and apologize to me. Fork 4, X 0.
X Bank has not contacted me to date (it's been four weeks). I closed my account with them today and informed the PC of the fact. When X bank asked why I was closing:
"Sir, before I close this account may I ask why you're closing it?"
"You don't know how to play the customer service game. The score is 4 to nothing."
"Excuse me sir? I don't understand the answer and I need to put in something"
"Fork 4, X 0 - put that in there"
Management is doing things right; leadership is doing the right things. - Peter F. Drucker
Is to vote with your wallet.
I'm talking mainly about the retailers who ask for name, address, phone number, email etc, when you try to buy something.
I went to Circuit City to buy a TV, took out enough cash to pay for it, walked in, told the guy which I wanted, and we walked to the little sales terminal. He asked "can I have your name and address?" And I said, "no, you can have $499 plus tax". He started telling me how the computer "requires" it.. Gimme a break.
What you need to do is know when to walk away. I grabbed a sales circular by the door on my way out (because Best Buy would match the price)..
In the states, I've noticed that Best Buy stopped asking, they must have got the message, for instance.
It wastes the clerks time, annoys customers, and the marketing value of the collected data would come nowhere close to the amount of cold, hard, stinky cash walking out the door.
It's just the tip of the privacy iceburg, sure, but it annoying, and a good place to start sending a message.
I don't need no instructions to know how to rock!!!!
In the uk we have the Data Protection Act (of 1984 and redone in '98 AFAIK) which lays down rules about how your data is handled. Companies etc that collect data on you must be registered and must keep your data secure from others. Also you have the right to view all the data that anyone holds on you and ensure its accurate (except in a few situations such as police investigation), you can even see emails/memos about you and cctv tapes (again AFIAK). Even my old school is registered. There are afew other things which i forget but you can read about here
This comment does not represent the views or opinions of the user.
someone smarter than me said it better than me... the border between canada and the us is a one way mirror: americans look north and see themselves, canadians look south and see everything they are not
americans think of canadians as cute little fuzzy americans who got lost in an ice box... they tend to think of canadians patronizingly, paternalistically, if they even think of canadians at all
canadians think of americans as scary warmongering orwellian pseudofascists a half heart beat away from doing something really scary that canada has to worry about... they tend to emphasize their differences with americans as much as humanly possible, and they tend to think about their relationship with america alot
as an american, all i can say is the maple leaf state sure is a cold lonely place (chuckle)
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
A lot of DME (durable medical equipment) is very, very customized to the individual. Braces, prosthetics, etc, are custom fitted and engineered to weight, height, etc, etc..
I have a prosthetic leg, the foot, liner, pretty much every major component is custom built for me. The socket was created based on a casting and a trace of my real leg.
They may not need my name or address, but the equipment vendors surely need a lot of personal data about me to create their products.
And frankly, I dont care. They market to doctors offices and HMO's, not to patients.
I had a friend who used to give the name Ray Diosack (pronounce it) to...
He must be lucky. Not long time ago I was actually denied service at the photo-lab, because I refused to give them my name, address and what not. Eventually after some arguing (the woman was insisting that nobody in this world would sell me anything unless I give them at least my name) I offered her to enter James Bond in computer. As you can guess I did not develop my film there.
There are other issues that you might consider before moving to Canada. These have to do with Free Speech. There is no room for it north of 49.
= 110004688
Canada has an "Official Languages Commissioner" currently looking into Don Cherry's
http://www.opinionjournal.com/taste/?id
remarks about "French Guys" being "wimps" since more of them in the NHL wear face shields. Basically, that's the whole story.
The "Minister of State for Multiculturalism" is also involved: "the government will not tolerate statements that create dissonance in our society and disrespect for others."
All this proves is that Candians need a Bill of Rights stronger than their wimpy... oops - Charter of Rights and Freedoms. Well, it doesn't seem to protect any speech outside of these Ministers of Silly Walks combined tut-tutting (which would be a fine way to just keep these political hacks busy if their mere opinions did not have the force of law).
To brag a little, we in Sweden have had something like this for years. We can also ask companies and goverment/state organisations what they have stored on us, and even tell them to have it removed.
/ The Arrow
"How lovely you are. So lovely in my straightjacket..." - Nny
I'm from Canada and two weeks ago my employer held a seminar regarding PIPEDA and what it means.
The ramifications of it are quite enormous though as someone pointed out, it isn't retroactive. Canadian lawyers will make a killing as contracts are established/renewed will need to ensure that privacy is taken into account.
There are a few interesting twists to it, though. For example, my company is planning on implementing a very strict policy regarding PIPEDA. But I am currently outsourced working at a client's site. The policy that I will have to follow will be the one that my client implements.
I was also told that there are looser stipulations for international business. So if I'm doing business with an American resident, and the United States doesn't have a similar law, then I am not required BY LAW to follow my company's privacy policy.
It'll be interesting to see how the government tweaks this in the future. I am very happy that something like this is finally in place.
I think most of the spin about Canada being a socialist state is bogus.
Actually, it's not. Our government is Socialist. (Note that most Americans seem to believe that all socialist government are totalitarian, and I think you may have fallen into that trap as well.)
We have stronger state education and health care, but I think that's only a wise application of capitalism.
We also have government-run business ("Crown Corporations", like Canada Post), which is what makes us socialist. If there were no Crown Corporations, we'd be capitalist, if there were no independent businesses, we'd be communist. (OK, it's a little more complex than that, but that's the basic gist of it.)
Here's an interesting example of how this law is already having unforseen effects.
Guy calls the bank to activate his new credit card. At the beginning of the call he gets the obligatory "This call may be mointored for quality assurance purposes" message. The guy complains that he doesn't want to have his call monitored. The bank says well if you don't like it you can jam your card where the sun don't shine. Guy complains to the privacy commissioner. The privacy comissioner rules in favour of the guy and decrees that banks cannot monitor calls without consent as it violates our fabulous new privacy laws.
The upshot? It's now much easier for theives and fraudsters to steal credit cards from mailboxes and activate and use them. The bank is no longer allowed to record what phone number is used to register the card, and if the fraudster has obtained other personal information about you (or fraudently applied for the card in your name) you and the bank are screwed. Go privacy!
I've registered my name in the phone book as my first initial of first two names and then my last name. I.e. H. J. Simpson. Since nobody actually calls me H. J., but prefers to use my real name (Homer), every time I get a call for my "telephone name," I know it's a telemarketer. Same thing goes for addressed mail. Haven't opened a piece of junk mail in years.
Condemnant quod non intellegunt.
Radio Shack has learned from their mistakes of the past, thank goodness. Last year it finally dawned on Radio Shack that they were really angering their customers with the mandatory name and address BS just to buy a battery. They changed their policy to no longer ask for it and they even went so far as to run a radio advertising campaign, in my area, where the CEO apologized for their past policy and heralded the fact that it would no longer be the case.
You know you've pissed off your customers when the CEO has to go on the radio and tell everyone that he has learned and the policy is gone.
I, personally, I prefer the real names. E.g. Citibank (Citicorp) in Germany has a wonderful statement in their contracts saying that they are allowed to transfer all personal data whatsoever to USA and use it according to the local rules there.
Thanks a lot.. ..by just leaving the Bank, you've basically given up your right to complain further on the matter. Had you stayed with them and made repeated requests to the Privacy Commissioner for your deserved apology, the bank would have continued to be letter slapped until it turned into government imposed fines.. which would have gotten their attention and possibly improved customer service for everyone.
I know, not your responsibility, but it would have been nice for other folks having to deal with these guys.
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
I've never had a problem with privacy guys, actually.
They ask me for my info and I just say "No."
They ask me again, and I say "No."
They tell me that they can't enter my transaction without certain information and I say "Bullshit."
Usually this is as far as it gets, because I've stayed dead calm and they clue in that they're never going to get it from me, and I'm not going to leave their cash register until I finish the purchase. Once they figure that out, they ring up the purchase. I had one poor kid who had to call the manager, because he had no idea how to handle it. Fortunately, the manager clued in right away.
However, if they insist anyway we go on to the second stage, where I say "use your own info then."
This is where it can get fun. Usually they say that they can't do that, and then I start giving them back their own lines word for word: "But I need the information in order to complete the transaction," type of thing.
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
An ac wrote I know an awful lot of athiests and agnostics who are opposed to unrestricted abortion in America.
The abolition of slavery was considered the work of religious radicals too, who had this wild notion that all those slaves were human beings and their book said it was wrong to keep human beings in bondage, but not every abolitionist was religious. The right to live, like the right to not be a slave, is something that plenty of people can grasp without the guidance of Holy texts.
So, at the end of the day, like most things, the problem can be blamed directly on religious people. In this case, American Christians.
At the end of the day, I find that most problems can be blamed on the intollerent. You know, like some American Christians... also, exactly like you.
Good points.
The thing thing with political debates that you have to remember is that there are real consequences for the ideas that we kick around like so many political footballs.
Slavery in england was ended relatively peacefully. That is good.
Slavery in america (same idea, different people kicking it in a different direction) was ended with a civil war. (ok so that's the kindergarten version) Which is also good, except for the people who got killed.
The thing is that if you're male, you will never have to have an abortion. I'm male and so I can easly say "Abortion this, Abortion that. I could have been one of those foetuses." But on the other hand I'll never be a single teenaged mother. Which is different from being a single teenaged father because my body will never attempt to turn itself inside out to deliver a baby and then make me want to lactate thus making it harder for me to run away.
With the right to privacy, personal consequences become a lot more subtle - David Brin said in the "Transparent Society" that the consequence of the eventual death of privacy due to the power of electronic media would simply be a return to the village, where everybody knows everybody elses business.
I think that's another play of political football because of what happens if the village you return to is This village, where knowing is not enough. If people do something terrible, and everybody knows it but nobody acts it is in some ways worse than if they had their privacy to begin with.
Also you have to consider that majorities are fickle. What if 20 years from now an activity that you consider perfectly acceptable like say, knowing how to program becomes unacceptable by the general community.
Want an example? Think about it: If you can program in C, you can write viruses! that's scary for the non-programmers out there that think that software magically appears shrinkwrapped at the store.
It starts when you first have to register all your compilers. Then you have a crackdown against free unregistered compilers and "Kitchen table linux dealers". 60 minutes runs a special about how computer shows allow unknown people to aquire software - including unregistered compilers (a compiler being an incredibily powerful piece of software that allows you to create any other piece of software... Including VIRUSES).
Mandataory "Compiler licences" are required by the government where the person applying for one has to submit three photos, a blood sample, a retinal image and fingerprints. At least two of these are checked by biometric scanning every time the compiler is invoked (following the tradition of "smart guns" or "safe firearms").
The compiler must be stored on an EPROM in a dedicated piece of hardware and the source brought to it on some kind of storage media. The output is removed on another storage media to prevent people hacking in and compiling software from their terminals. The compiler's hardware must be kept in a safe that weighs at least 150kg or is b
Here in Iceland, there are many people with the same names (for example Jon Jonsson) because of our naming tradition so the phone directory will often have a little bit of text next to the name like "tall, works in the bookstore"
I managed to slip by but soon had one goon chasing me. I made it to the convenience store where they insisted on searching my bag. I told him to fuck-off.
After cackling on his walkie-talkie, he had three more goons on me, while I picked-up my snacks. I told them all to fuck-off (extremely loudly), that they had no fucking business searching people like that, and if they don't like it, they can shove their jobs through their asses.
I then proceeded to the cash counter line, where the head goon insisted that I pass in front of everyone.
I shouted back why don't you go fuck yourself, no, I'm not passing in front of everyone in line. So I waited a good five minutes while the goons were fuming. All the while I shouted back obscenities at them (all the time making sure I was in plain view of the security cameras).
When I paid and got out of the store, they escorted me out to the gate of the festival. They did not succeed in searching me, I got them pretty pissed-off at me, and I had the pleasure of yelling at them...
I just finished working on a piece of code for a company where this was a central issue. In the end, after much messing about with postcode databases, directory services and CGI forms to collect sets of data we had a meeting.
We decided that actually the only thing we needed
from a _logical_ viewpoint was one UID, so we scrapped the code, rewrote it to use just an email address.
No more hassles with data protections regulations, no more worrying about validation (one regex does it all), no fears about out of sync databases or misaligned fields.
As a business decision it was inspiring and so sensible, we just looked at what we _needed_
Companies should realise how much extra it costs them to keep superfluous data, program for it, log it, maintain it. Many just use a standard CGI form template with little thought about what is actually necessary. They collect data 'because they can'.
I had a friend who used to give the name Ray Diosack (pronounce it) to Radioshack when they asked for his name. He would then procede to give the cashier the street address for the store he was in. Nobody ever commented on this fact. Anyway, he would laugh to himself about the bulk mailers that must show up at the store every month from Radio Shack to Ray Diosack
They won't say a word and the mails won't show up at the store (RS won't spam their own store addresses, just personal ones).
When I was young, I was a RS employee. We were required to list names and addresses for 75% of the the transactions each day or face possible serious verbal torture sessions for not living up to our minimum wage responsibilities.
So, as every other RS store did, we'd always have to fill in some BS into the customer information if we were having a bad day extorting their personal information from them. Even if we knew a customer was feeding us BS, we'd keep a straight face knowing that person was saving us from making up crap on our own.
This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.
It just means that it goes into the burn bag rather than into the trash can. When I was in the military, *everything* went into the burn bag. Did an exercise with bogus data? Burn baby, burn! Not sure if everywhere is like that, but they took that attitude that it's better to be safe.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Security classification for any document containing a person's name is "Protected B". ...
mind you , those are the very lowest form of 'classified' documents I've seen in the military. It's not that secure!
It doesn't have to be very secure, the largest threat is internal - employees, who can be easily sanctioned, not foreign militaries or governments. The next largest threat is "direct marketers" (read: junk mail and telemarketers) and "credit agencies" and data warehousers like Equifax.
I just got back (to the US) from a security and privacy conference in Canada where one large ISP/telco talked about the impact of privacy legislation on their business.
What they report is that the office of the Privacy Commissioner is strongly committed to protecting individual rights, and that if one customer complains then the company can be plunged into an expensive investigation.
Even nutcases get a careful hearing, apparently. Normal and semi-normal customers get responsive answers because the company is afraid of formal complaints.
The ISP will not turn over customer records, even to the tax authorities, without a court order or search warrant.
Sign at the conference: "If you don't need it, don't collect it!"
"To announce that there must be no criticism of the President, or that we are to stand by the President, right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public." --Theodore Roosevelt (1918)
Say you have a country with endemic racism (or sexism, ageism - any prejudice will do) and enact laws that say practicing such prejudice in, say, hiring procedure is illegal.
Unless you TRACK the problem (ie measure the race/sex/age of hiring in the example - then observance to law cannot be proved. And is therefore lip-service. These statistics are KEY to prosecution.
I shit you not.