A version of this paper was also presented to the County of Carleton Law Association, 27th Civil Litigation Conference, November 2007, in Montebello, Quebec.

Consumers appreciate that the company holding very sensitive personal information, takes steps to ensure that the person they are talking to over the phone or on-line is the account holder, no someone fishing or worse, phishing, for personal information that they are not entitled to have.

Last week, the Office of the Privacy Commissioner ("OPC") released its decision regarding two separate complaints against two different law firms that conducting credit checks on individuals without their knowledge and consent.

The Federal Privacy Commissioner who overseas the federal privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA) is seeking public input into Parliament's review of the legislation this Fall.

Since September 11th, the Office of the Privacy Commissioner of Canada (the "OPC") reports the significant increase in the deployment of video-surveillance in public places – and not just airports, border crossings and high-security areas such as Parliament Hill.

Recently I came home to a voice mail message from my bank, "please contact us Ms Allinson."

I called the number provided and, to start, I was a little disturbed that I wasn’t being asked to provide my account number and answer the usual long list of questions such as my mother’s maiden name, my pet’s name, my date of birth and so on, to ensure that I am who I claimed to be. Clearly, the bank had been anticipating my call.

Outsourcing credit card operations to the U.S. may create risks to Canadians under the U.S. Patriot Act

Religious organizations and charitable organizations may be going overboard in their efforts to comply with the federal privacy legislation at the expense of their spiritual or philanthropic work.

The Alberta Privacy Commissioner, Frank Work, recently found a regional library had violated an employee’s privacy rights by installing keystroke logging software on his computer. Dan Armeneau brought his complaint after his employment was terminated as a computer technician.

Currently, in Canada, it is a violation of the Personal Information Protection and Electronic Documents Act, (PIPEDA) for a business to disclose personal information about a consumer for purposes other than that to which they consented when the information was collected.

You'll be scraching your head a little over this recent decision of the Federal Assistant Privacy Commissioner

Chaired by Industry Canada, a Task Force on Spam was established bringing together experts and key stakeholders representing ISPs, Canadian businesses that use email to conduct legitimate commercial activities and consumers.

Relying on a business email address obtained from a publicly-available directory to solicit business on-line is a breach of Federal privacy legislation according to the Assistant Privacy Commissioner to a number of recent decisions.

At the Treasury Board's Sixth Annual Access to Information and Privacy Conference, held last week in Ottawa, Federal Privacy Commissioner, Jennifer Stoddart warned that privacy legislation and policy responses are not keeping pace with other government initiatives to increase its powers of surveillance through legislation and technology.

A 2002 Ernst & Young survey reveals that, although over 90% of Canada's leading entrepreneurs say that protecting their company's reputation is of paramount concern, only 42% have identified poor corporate governance as part of that risk.

A long and well-kept commercial "secret", of sorts, was recently brought into the public domain by Liberal back bencher Lorenzo Berardinetti. Until recently married, and shopping for clothes with his wife, Berardinetti did not notice that a men's suit cost 30 per cent less than a similar women's outfit by the same designer.

Telemarketing, the marketing medium that employs over 270,000 Canadians and generates more than $16 billion in sales last year is about to be hit by legislation that will create a national "Do Not Call" list in Canada.

After my column on February 17th, Privacy starts with credit card, I received a number of phone calls from readers who found that the majority of their credit card receipts showed all 16-digits of their credit card.

PIPEDA has been in force for almost 14 months and, yet, most retailers' business practices have not changed how their customers' personal information is handled....

Since starting this column, I have received several inquiries from union representatives asking what is permissible collection and use of employee information by the employer under the Federal privacy legislation....

Technology originally devised to protect the copyright of on-line music and other creative works from unauthorized use now has the capability of tracking downloads and monitoring use, even when this use has been authorized...

With the resounding win of George W. Bush to a second term as U.S. President, privacy advocates in the U.S. and Canada may be fighting a losing battle in advocating civil liberties and individual rights over personal information in the face of long-arm statutes such as the USA Patriot Act..

Last Thursday, attendees at the 2004 HIPA Symposium, held at the London Convention Centre had a rare opportunity for some quality time with Ontario's Assistant Privacy Commissioner ("IPC")...

Based on the articles and literature written about the Federal privacy legislation, PIPEDA, most would not know that the Act also applies to personal health information

Last week, I introduced the Personal Information Protection Act and Quality of Care Information Protection Act, collectively referred to as the Health Information Protection Act or "HIPA"...

Most people are aware of Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA"), that was enacted in 2001, but came into force in a series of stages, the last of which was for the private sector in January 2004.

A March 2004 article in “InformationWeek”, told of 200,000 GMAC Insurance customers who were notified that they could become victims of identify theft because of the theft of two laptop computers from an employee’s car in the U.S...

The impact of Wal-Mart's announcement to the consumer goods industry last year that its top 100 suppliers employ RFID technology in its products by 2005 sent a shudder through manufacturers and privacy advocates alike.

In June 2003, Wal-Mart announced that its 100 largest suppliers must be able to implement Radio Frequency Identification (RFID) at the pallet and case level by 2005.

When the Health Information Protect Act (HIPA) comes into force in November, it will govern Ontarian’s personal health information that were not covered by PIPEDA.

The Ontario Minister of Health and Long-Term Care has invited the public to comment on proposed regulations for the Personal Health Information Protection Act (PHIPA) and Quality of Care Information Protection Act (QCIPA).

As organizations involved in commercial activities, franchises that obtain personal information in the course of transactions with consumers are now accountable for the handling of that personal information.

Although PIPEDA may still seem burdensome to the retailer or small business, it is important to think of the flip side. In this age where protection of personal information is so important to consumers, whom do you think your customer wants to take his or her business?

 In an age where most business communications occur via computer, what does federal privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), which took effect Jan. 1, have to do with monitoring employee telephone and computer use? Under PIPEDA, personal information is defined as any information identifiable to the individual. This includes audio recordings of the individual's telephone calls, as well as Internet surfing and downloading activity.

Are you concerned about employee theft of company or other employees' property? Have there been a few acts of vandalism to cars in the employee parking lot and you want to install security cameras? What about monitoring employee phone calls or computer use during company time? What has the federal privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA) got to do with surveillance?

As businesses and non-profit organizations rush to comply with the new legislation, a number of misconceptions about their obligations under the act are emerging. Here are a few misconceptions and clarifications.

What obligation does a business have to a customer who requests access to their information or complains about the personal information handling practices of the business? What happens if the business cannot deliver the information requested by the customer, or if it refuses to respond to a customer request that leads to a complaint?

The fourth, most important step is implementation of the PIPEDA-compliant privacy policy and procedure. Implementation can be summarized in three words: comm unication, education and follow-through.

The next move is to draft a privacy policy and procedure that reflects the principles of PIPEDA. If your business already has a privacy policy, it should be reviewed and, if necessary, redrafted to respond to PIPEDA's requirements.

Once your business has designated a "go-to" person, the next step to getting your business compliant with PIPEDA is to perform a personal information assessment.

The legislation is mandating every business and organization to examine its current practice of handling personal information about its customers or data subjects (if the business collects and markets lists of personal information to third parties).

Effective January 1, 2004, the Personal Information Protection and Electronic Documents Act (PIPEDA) will become law in Ontario. Any organization that collects, uses or discloses personal information in the course of commercial activities will be required to comply with PIPEDA