Slashdot Mirror
Canadian Privacy Act
Nos. writes "Yesterday, I happened upon an Act that came into effect in Canada on January 1, 2004. The Personal Information Protection and Electronic Documents Act protects almost every bit of personal information not publicly available. For example, your name, race, date of birth, income, etc. are protected where your address and telephone number are not (these are generally available in the telephone book). Some of the more interesting parts of the faq include such wonderful things as: '[businesses must] supply you with a product or a service even if you refuse consent for the collection, use or disclosure of your personal information unless the information is essential to the transaction'. Definitely a step in the right direction."
...this conincides with the Canadian recording industry going after users.
Am I the only one who just spits out a random string of numbers when they ask for phone number or zip code info at the checkout?
This looks like a good thing. However, in a quick glance-through of the act, I didn't see anything dealing with information already collected.
Or if governmental agencies' practices are also influenced by the act.
RD
Sure, we laughingly call it "America Junior," but when it comes to privacy rights America Jr. has it all over Big Brother.
For me being an American! Where our rights to privacy are honored and upheld by the great - hey, wait a minute.....
This could outlaw "drive-by" installs of spyware in Canada.
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
are two different things. Ie, here in Germany we have very tough laws with regard to your personal information and how it must be handled by businesses and the government. It's called "Datenschutz" and the CCC (Chaos Computer Club, you know: Blinkenlights) is a big lobbiest for Datenschutz.
Unfortunately the laws and procedures are broken every day, simply because it's so easy to do. It's very rare that somebody publicly complains when personal privacy is jeopardized and even when somebody cries foul, the public doesn't care.
Free Manning, jail Obama.
For example, your name, race, date of birth, income, etc. are protected where your address and telephone number are not.
How are they going to call you without your name?
I actually had to sign one of these statements at work & deal with this whenever I see the doctor/dentist/etc.
It seems that information already collected must be dealt with according to the act. Just because you collected it last year, doesn't mean you don't need consent to use it this year. Actually, my Dentist made me sign a form for them to share/get information with outside labratories.
===> An eye for an eye makes everyone blind - MG
I was at a Honda dealer trying to get service for my car, and when they asked for my address, I told them I didn't want any junk mail.
They were flustered. They said there was no way to put me into the system without getting on a marketing list. Eventually I gave them a fake address.
Go Canada. Stop this abuse.
Why is everyone asking if this is real? Do you think there are no laws in canada?
My employer has been spending a few weeks getting all ouf our information complaint with this act, and pulled me off the phones for an information session.
And tech support centers don't do things like that unless they are required to by law.
Dunno if you're being sarcastic or not, but I seriously had them refuse to sell me an AA battery, paying with cash, because I wouldnt give them all that info.
I said "man, I dont have time for this, I'm trying to catch a train. I just need a battery for my walkman "
And the guy said "Sir we cant sell anything without this information."
I put the cash on the counter and the battery in my pocket, and said "whatever keep the change" and the guy threatened to call the cops.
Radio Shack == fucked up.
I don't need no instructions to know how to rock!!!!
Being a Canadian, and being an advocate for privacy, I've always been fighting Banks and other companies about how they collect and 'store' my information without impacting my service. X Bank recently sent me a letter stating that if I didn't approve of their using my personal information, it could impact their ability to provide me services. (x = big non-customer focused bank).
I promptly forward this to the Privacy office who responded back in just a week to both me and the X Privacy Department that:
a) The Privacy Commission's opinion was that letter X sent to me implies that if I don't agree to let them collect information, I loose services. It then scolded X for forcing clients to agree to the new policy. Fork 1, X 0.
b) X was warned to revise the letter to adhere to the new policy. Fork 2, X 0.
c) X was to clarify their communications to the customers on what they mean by 'reduced services.' Fork 3, X 0
d) X was to inform their clients of this new policy ASAP and apologize to me. Fork 4, X 0.
X Bank has not contacted me to date (it's been four weeks). I closed my account with them today and informed the PC of the fact. When X bank asked why I was closing:
"Sir, before I close this account may I ask why you're closing it?"
"You don't know how to play the customer service game. The score is 4 to nothing."
"Excuse me sir? I don't understand the answer and I need to put in something"
"Fork 4, X 0 - put that in there"
Management is doing things right; leadership is doing the right things. - Peter F. Drucker
Is to vote with your wallet.
I'm talking mainly about the retailers who ask for name, address, phone number, email etc, when you try to buy something.
I went to Circuit City to buy a TV, took out enough cash to pay for it, walked in, told the guy which I wanted, and we walked to the little sales terminal. He asked "can I have your name and address?" And I said, "no, you can have $499 plus tax". He started telling me how the computer "requires" it.. Gimme a break.
What you need to do is know when to walk away. I grabbed a sales circular by the door on my way out (because Best Buy would match the price)..
In the states, I've noticed that Best Buy stopped asking, they must have got the message, for instance.
It wastes the clerks time, annoys customers, and the marketing value of the collected data would come nowhere close to the amount of cold, hard, stinky cash walking out the door.
It's just the tip of the privacy iceburg, sure, but it annoying, and a good place to start sending a message.
I don't need no instructions to know how to rock!!!!
I had a friend who used to give the name Ray Diosack (pronounce it) to Radioshack when they asked for his name. He would then procede to give the cashier the street address for the store he was in. Nobody ever commented on this fact. Anyway, he would laugh to himself about the bulk mailers that must show up at the store every month from Radio Shack to Ray Diosack.
He then went to a local computer shop called MicroCenter. As he was waiting in line he realized that this would work great for his little name game: Mike Rocenter... it even sounds like a real name. So anyway, he gets to the cashier full of excitement and gives the name Mike Rocenter. The cashier enters the name into the computer and says, with a straight face, "727 Memorial Drive"? This was, of course, the location of the store. Somebody else had given them the same fake name and address. Oh well, my friend sheepishly said yes and paid for his purchase.
--
RumorsDaily
Your SIN is private, right? HEH. Nope. Now it's linked in government databases to everything. As someone who once had complete and total access to several sensitive (welfare client info) government databases - and was challenged appropriately by only ONE of dozens of sysadmins - I don't trust the government to protect a pile of dog feces.
The personal details of all Canadian residents (not just citizens) are automatically classified as "Protected" and any department or agency worth their salt actually do take this sort of stuff seriously.
Any case of abuse (of people's personal data) does tend to result in being fired, period.
The federal government (outside CCRA) does avoid using SIN as much as possible because any document with that on it, has to be classified "Protected".
HRDC uses a fair bit, but as little as possible in what I've seen.
I've seen federal government forms that ask for only the last digit of your year of birth, in an attempt to prevent age decriminitation (if they don't know your actual age, they can't be accused of decriminiating based upon it) in the hiring process.
Honestly I have to say the Canadian federal government takes privacy seriously, it's an important Canadian value. Sure, some people see it as a hassle and more paperwork, but overall the vast majority do value the public's privacy and security.
BTW, do you know if there was an auditing on that database? Not all privacy enforcement is pro-active, to prevent being overly burdensome, but can flag and catch abusers. That technique is heavily used in medical privacy, and the medical files of celeberties.
I'm from Canada and two weeks ago my employer held a seminar regarding PIPEDA and what it means.
The ramifications of it are quite enormous though as someone pointed out, it isn't retroactive. Canadian lawyers will make a killing as contracts are established/renewed will need to ensure that privacy is taken into account.
There are a few interesting twists to it, though. For example, my company is planning on implementing a very strict policy regarding PIPEDA. But I am currently outsourced working at a client's site. The policy that I will have to follow will be the one that my client implements.
I was also told that there are looser stipulations for international business. So if I'm doing business with an American resident, and the United States doesn't have a similar law, then I am not required BY LAW to follow my company's privacy policy.
It'll be interesting to see how the government tweaks this in the future. I am very happy that something like this is finally in place.