Slashdot Mirror
Canadian Privacy Act
Nos. writes "Yesterday, I happened upon an Act that came into effect in Canada on January 1, 2004. The Personal Information Protection and Electronic Documents Act protects almost every bit of personal information not publicly available. For example, your name, race, date of birth, income, etc. are protected where your address and telephone number are not (these are generally available in the telephone book). Some of the more interesting parts of the faq include such wonderful things as: '[businesses must] supply you with a product or a service even if you refuse consent for the collection, use or disclosure of your personal information unless the information is essential to the transaction'. Definitely a step in the right direction."
...this conincides with the Canadian recording industry going after users.
Am I the only one who just spits out a random string of numbers when they ask for phone number or zip code info at the checkout?
This looks like a good thing. However, in a quick glance-through of the act, I didn't see anything dealing with information already collected.
Or if governmental agencies' practices are also influenced by the act.
RD
Sure, we laughingly call it "America Junior," but when it comes to privacy rights America Jr. has it all over Big Brother.
For me being an American! Where our rights to privacy are honored and upheld by the great - hey, wait a minute.....
This could outlaw "drive-by" installs of spyware in Canada.
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
For example, your name, race, date of birth, income, etc. are protected where your address and telephone number are not
What I want is not to be pestered salesmen and junk mail.
I don't care if total strangers send me birthday cards.
"protects almost every bit of personal information not publicly available. For example, your name"...
"where your address and telephone number are not (these are generally available in the telephone book)."
So in Canada they dont put your name in a phone book?
If this was real, it would make for some great jokes.
500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
are two different things. Ie, here in Germany we have very tough laws with regard to your personal information and how it must be handled by businesses and the government. It's called "Datenschutz" and the CCC (Chaos Computer Club, you know: Blinkenlights) is a big lobbiest for Datenschutz.
Unfortunately the laws and procedures are broken every day, simply because it's so easy to do. It's very rare that somebody publicly complains when personal privacy is jeopardized and even when somebody cries foul, the public doesn't care.
Free Manning, jail Obama.
For example, your name, race, date of birth, income, etc. are protected where your address and telephone number are not.
How are they going to call you without your name?
Well, privacy, like encryption, should be based on the knowledge that a highly motivated individual can and will break the system, but that the goal is to make the cost (money, time, resources, personal risk...) involved is high enough that 1) it cannot be done en masse, and 2) the value obtained from such a violation is by far overshadowed by the expediture. This is the basic idea behind security, too, both information security and physical security.
#define DRM chmod 000
[businesses must] supply you with a product or a service even if you refuse consent for the collection, use or disclosure of your personal information unless the information is essential to the transaction.
This is likely more toothless than you would think - or at least, if this were U.S. law, it would be - because things like your SSN, date of birth, or mother's maiden name would be described by the service provider as "necessary" because they "need" to do a credit check on you.
I actually had to sign one of these statements at work & deal with this whenever I see the doctor/dentist/etc.
It seems that information already collected must be dealt with according to the act. Just because you collected it last year, doesn't mean you don't need consent to use it this year. Actually, my Dentist made me sign a form for them to share/get information with outside labratories.
===> An eye for an eye makes everyone blind - MG
These laws are great in theory but considering the government's lack of enthusiasm to protect personal information (at least in the US) they are nearly impossible to enforce.
The whole war on spam is the exact same thing. The government passes all of these laws to make it look like they're doing something but then can't/won't enforce said laws.
They can pass all the laws they want but if the government is unwilling to enforce them then what's the point?
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.
I don't even have to review the legislation to know that no matter how it is written, CSIS, the RCMP, and your local cop shop will ignore it if they feel the need.
Your SIN is private, right? HEH. Nope. Now it's linked in government databases to everything. As someone who once had complete and total access to several sensitive (welfare client info) government databases - and was challenged appropriately by only ONE of dozens of sysadmins - I don't trust the government to protect a pile of dog feces.
I was at a Honda dealer trying to get service for my car, and when they asked for my address, I told them I didn't want any junk mail.
They were flustered. They said there was no way to put me into the system without getting on a marketing list. Eventually I gave them a fake address.
Go Canada. Stop this abuse.
Why is everyone asking if this is real? Do you think there are no laws in canada?
My employer has been spending a few weeks getting all ouf our information complaint with this act, and pulled me off the phones for an information session.
And tech support centers don't do things like that unless they are required to by law.
Dunno if you're being sarcastic or not, but I seriously had them refuse to sell me an AA battery, paying with cash, because I wouldnt give them all that info.
I said "man, I dont have time for this, I'm trying to catch a train. I just need a battery for my walkman "
And the guy said "Sir we cant sell anything without this information."
I put the cash on the counter and the battery in my pocket, and said "whatever keep the change" and the guy threatened to call the cops.
Radio Shack == fucked up.
I don't need no instructions to know how to rock!!!!
Being a Canadian, and being an advocate for privacy, I've always been fighting Banks and other companies about how they collect and 'store' my information without impacting my service. X Bank recently sent me a letter stating that if I didn't approve of their using my personal information, it could impact their ability to provide me services. (x = big non-customer focused bank).
I promptly forward this to the Privacy office who responded back in just a week to both me and the X Privacy Department that:
a) The Privacy Commission's opinion was that letter X sent to me implies that if I don't agree to let them collect information, I loose services. It then scolded X for forcing clients to agree to the new policy. Fork 1, X 0.
b) X was warned to revise the letter to adhere to the new policy. Fork 2, X 0.
c) X was to clarify their communications to the customers on what they mean by 'reduced services.' Fork 3, X 0
d) X was to inform their clients of this new policy ASAP and apologize to me. Fork 4, X 0.
X Bank has not contacted me to date (it's been four weeks). I closed my account with them today and informed the PC of the fact. When X bank asked why I was closing:
"Sir, before I close this account may I ask why you're closing it?"
"You don't know how to play the customer service game. The score is 4 to nothing."
"Excuse me sir? I don't understand the answer and I need to put in something"
"Fork 4, X 0 - put that in there"
Management is doing things right; leadership is doing the right things. - Peter F. Drucker
Is to vote with your wallet.
I'm talking mainly about the retailers who ask for name, address, phone number, email etc, when you try to buy something.
I went to Circuit City to buy a TV, took out enough cash to pay for it, walked in, told the guy which I wanted, and we walked to the little sales terminal. He asked "can I have your name and address?" And I said, "no, you can have $499 plus tax". He started telling me how the computer "requires" it.. Gimme a break.
What you need to do is know when to walk away. I grabbed a sales circular by the door on my way out (because Best Buy would match the price)..
In the states, I've noticed that Best Buy stopped asking, they must have got the message, for instance.
It wastes the clerks time, annoys customers, and the marketing value of the collected data would come nowhere close to the amount of cold, hard, stinky cash walking out the door.
It's just the tip of the privacy iceburg, sure, but it annoying, and a good place to start sending a message.
I don't need no instructions to know how to rock!!!!
I had a friend who used to give the name Ray Diosack (pronounce it) to Radioshack when they asked for his name. He would then procede to give the cashier the street address for the store he was in. Nobody ever commented on this fact. Anyway, he would laugh to himself about the bulk mailers that must show up at the store every month from Radio Shack to Ray Diosack.
He then went to a local computer shop called MicroCenter. As he was waiting in line he realized that this would work great for his little name game: Mike Rocenter... it even sounds like a real name. So anyway, he gets to the cashier full of excitement and gives the name Mike Rocenter. The cashier enters the name into the computer and says, with a straight face, "727 Memorial Drive"? This was, of course, the location of the store. Somebody else had given them the same fake name and address. Oh well, my friend sheepishly said yes and paid for his purchase.
--
RumorsDaily
In the uk we have the Data Protection Act (of 1984 and redone in '98 AFAIK) which lays down rules about how your data is handled. Companies etc that collect data on you must be registered and must keep your data secure from others. Also you have the right to view all the data that anyone holds on you and ensure its accurate (except in a few situations such as police investigation), you can even see emails/memos about you and cctv tapes (again AFIAK). Even my old school is registered. There are afew other things which i forget but you can read about here
This comment does not represent the views or opinions of the user.
Your SIN is private, right? HEH. Nope. Now it's linked in government databases to everything. As someone who once had complete and total access to several sensitive (welfare client info) government databases - and was challenged appropriately by only ONE of dozens of sysadmins - I don't trust the government to protect a pile of dog feces.
The personal details of all Canadian residents (not just citizens) are automatically classified as "Protected" and any department or agency worth their salt actually do take this sort of stuff seriously.
Any case of abuse (of people's personal data) does tend to result in being fired, period.
The federal government (outside CCRA) does avoid using SIN as much as possible because any document with that on it, has to be classified "Protected".
HRDC uses a fair bit, but as little as possible in what I've seen.
I've seen federal government forms that ask for only the last digit of your year of birth, in an attempt to prevent age decriminitation (if they don't know your actual age, they can't be accused of decriminiating based upon it) in the hiring process.
Honestly I have to say the Canadian federal government takes privacy seriously, it's an important Canadian value. Sure, some people see it as a hassle and more paperwork, but overall the vast majority do value the public's privacy and security.
BTW, do you know if there was an auditing on that database? Not all privacy enforcement is pro-active, to prevent being overly burdensome, but can flag and catch abusers. That technique is heavily used in medical privacy, and the medical files of celeberties.
someone smarter than me said it better than me... the border between canada and the us is a one way mirror: americans look north and see themselves, canadians look south and see everything they are not
americans think of canadians as cute little fuzzy americans who got lost in an ice box... they tend to think of canadians patronizingly, paternalistically, if they even think of canadians at all
canadians think of americans as scary warmongering orwellian pseudofascists a half heart beat away from doing something really scary that canada has to worry about... they tend to emphasize their differences with americans as much as humanly possible, and they tend to think about their relationship with america alot
as an american, all i can say is the maple leaf state sure is a cold lonely place (chuckle)
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I'm from Canada and two weeks ago my employer held a seminar regarding PIPEDA and what it means.
The ramifications of it are quite enormous though as someone pointed out, it isn't retroactive. Canadian lawyers will make a killing as contracts are established/renewed will need to ensure that privacy is taken into account.
There are a few interesting twists to it, though. For example, my company is planning on implementing a very strict policy regarding PIPEDA. But I am currently outsourced working at a client's site. The policy that I will have to follow will be the one that my client implements.
I was also told that there are looser stipulations for international business. So if I'm doing business with an American resident, and the United States doesn't have a similar law, then I am not required BY LAW to follow my company's privacy policy.
It'll be interesting to see how the government tweaks this in the future. I am very happy that something like this is finally in place.
Did you just attend the Security and Privacy conference in Victoria yesterday? I hope you didn't just horribly mislead the Slashdot hordes by citing the dates off the top of your uninformed head instead of basic research. (This conference had discussion about various privacy legislation.)
1 5_e.asp
Specifically, the federal Privacy Act came into effect July 1, 1983, the federal PIPEDA (Personal Information Protection and Electronic Documents Act) came into effect January 1, 2001, and the BC provincial PIPA (Personal Information Privacy Act) came into effect January 1, 2004. What it is important is that "[a]s of January 1, 2004, the [Personal Information Protection and Electronic Documents] Act will cover the collection, use or disclosure of personal information in the course of any commercial activity within a province, including provincially regulated organizations. The federal government may exempt organizations or activities in provinces that have their own privacy laws if they are substantially similar to the federal law." PIPEDA has been in place for a few years now, it just got extended to corporatations; BC now has their own overriding legislation as well.
See here for more details:
http://www.privcom.gc.ca/fs-fi/02_05_d_
I also thought your post was a horrible summary of the various pieces of legislation and their consequences, but that's just my opinion. I'd suggest next time using the official government propoganda. Even your first sentence managed to probably be incorrect--PIPA (and probably PIPEDA, I'm not sure) does protect your personal information that is public as well, in terms of reasonable use (i.e. I believe telemarketers aren't allowed to go through the telephone directory).
Regards,
Casper
Yeah, it is truly bizarre -- if the business is making money off the product.
Sometimes, the business is making -- or plans to make -- the majority of its money off selling your name or your "eyeballs" (viewership).
Some MBA has convinced ShopShack that the real money is in selling its customers to other businesses, and MBAstard realizes that you just want to make the purchase and get on with your life. So a policy is made that the shop won't sell without getting your information, wagering that, having waited in the check-out line, rather than go to the trouble to buy elsewhere, you'll just do as you're told like a good little consumer.
The only effective response to this is to make the cost of doing this as high as possible for the business by
It's not easy, and it's not convenient, but if you want to keep your privacy, you need to make it uncomfortable and costly for those who want to take it from you. make it costly enough, and the stores will stop doing this crap.
Opinions on the Twiddler2 hand-held keyboard?
Here's an interesting example of how this law is already having unforseen effects.
Guy calls the bank to activate his new credit card. At the beginning of the call he gets the obligatory "This call may be mointored for quality assurance purposes" message. The guy complains that he doesn't want to have his call monitored. The bank says well if you don't like it you can jam your card where the sun don't shine. Guy complains to the privacy commissioner. The privacy comissioner rules in favour of the guy and decrees that banks cannot monitor calls without consent as it violates our fabulous new privacy laws.
The upshot? It's now much easier for theives and fraudsters to steal credit cards from mailboxes and activate and use them. The bank is no longer allowed to record what phone number is used to register the card, and if the fraudster has obtained other personal information about you (or fraudently applied for the card in your name) you and the bank are screwed. Go privacy!
I've registered my name in the phone book as my first initial of first two names and then my last name. I.e. H. J. Simpson. Since nobody actually calls me H. J., but prefers to use my real name (Homer), every time I get a call for my "telephone name," I know it's a telemarketer. Same thing goes for addressed mail. Haven't opened a piece of junk mail in years.
Condemnant quod non intellegunt.
Parking lot complaints
825 complaints in 18 months in one city against one company. The data was sold by the government to the parking company.
Vip
Thanks a lot.. ..by just leaving the Bank, you've basically given up your right to complain further on the matter. Had you stayed with them and made repeated requests to the Privacy Commissioner for your deserved apology, the bank would have continued to be letter slapped until it turned into government imposed fines.. which would have gotten their attention and possibly improved customer service for everyone.
I know, not your responsibility, but it would have been nice for other folks having to deal with these guys.
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze