1 / 21

Name of presenter(s) or subtitle

Privacy laws and their impact on research. David W. Stark. Name of presenter(s) or subtitle. MRIA B.C. Chapter November 2, 2005. Privacy laws and their impact on research. Agenda. Privacy legislation overview Canadian & U.S. laws Compliance: is it working? Industry implications

azizi
Download Presentation

Name of presenter(s) or subtitle

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy laws and their impact on research David W. Stark Name of presenter(s) or subtitle MRIA B.C. Chapter November 2, 2005

  2. Privacy laws and theirimpact on research

  3. Agenda • Privacy legislation overview • Canadian & U.S. laws • Compliance: is it working? • Industry implications • Helpful resources • Q&A

  4. Privacy legislation overview • Freedom of Information Access • Privacy and Protection of Personal Data Freedom of Information Act – U.S. Access to Info. Act - Canada Privacy Legislation - Quebec Privacy Act - Canada Privacy Act – U.S. EU Privacy Directive PIPEDA - Canada Safe Harbor – U.S. PIPA - AB & BC 1994 1966 1980 1985 1998 2000 1974 2001-2004

  5. Canadian laws Federal regulations • Competition Act (1985; rev. 1999 and 2001) • CRTC Telemarketing Rules (1994; rev. 2004) • PIPEDA (2001-2004) • Comprehensive law affecting all industries in private sector • Bill C-37 (2005?) • Would establish a national do-not-call registry • Anti-spam legislation (2006?)

  6. Canadian laws Provincial regulations • Personal information protection acts • Quebec (1995) • Alberta (2004) • British Columbia (2004) • Personal health information acts • Alberta, Saskatchewan, Manitoba and Ontario

  7. U.S. laws Federal Regulations • Telephone Consumer Protection Act (1991) • Telemarketing Sales Rule (1996) • Health Insurance Portability and Accountability Act (1996) • Financial Modernization Act (Graham-Leach-Bliley) (1999) • Children’s Online Privacy Protection Act (2000) • USA PATRIOT Act (2001) • CAN-SPAM Law (2003)

  8. U.S. laws Federal Regulations • Federal Trade Commission Act (Section 5) • Obligation to abide by one’s posted privacy policies • Eavesdropping and Taping Laws (FCC) • Telephone interviewing, focus groups

  9. U.S. laws State Regulations • Anti-spam laws • Do-not-call laws and lists • California’s Online Privacy Protection Act (CA OPPA) • Must post privacy policy on website if collecting personally-identifiable information from CA residents. • California (Senate Bill 1386) • Must notify state residents of actual or suspected breach of unencrypted data

  10. U.S. laws State Regulations • Other states passing legislation similar to California’s privacy laws • 28 pending bills in 17 states that would regulate offshoring of personal information • Offshoring of state contracts • Disclosure of location and name of call centre • Prohibition against sending PII to non-U.S. recipients

  11. What’s driving consumer privacy laws? • Most privacy regulations enacted since early 1990s • Coincides with digital information age • Databases of PII that can be manipulated and moved offshore at click of a button • Public opinion • Identity theft • “fastest growing crime in the nation” - FTC • Outsourcing offshore

  12. Compliance: is it working?

  13. Compliance in Canada • Low awareness of PIPEDA and provincial privacy laws • Federal Privacy Commissioner has treated offending organizations with kid gloves • Commissioner’s Office understaffed • Still, in general, Canadian firms seem to be more privacy-conscious than their U.S. counterparts

  14. Compliance in the United States • Patchwork of privacy laws difficult for organizations • Multinationals would prefer a national privacy law (similar to PIPEDA) • FTC names offending organizations on its website • Private right of action in many U.S. laws gives rise to class action suits • EU study suggests several U.S. firms on Safe Harbor list are not in compliance

  15. Industry implications

  16. Industry implications • Third-party disclosures • Clients’ customer lists • Sharing respondents’ personally-identifiable information with clients • List brokers / sample providers • Qualitative research: recruiter, moderator, facility • Online research • Explicit opt-in consent • ISP shutdowns customer research client research supplier

  17. Industry implications • Data security and retention • Physical, electronic and organizational • Minimum and maximum retention periods • International data flows • U.S. state laws could impact Canadian call centres and data processing firms • Main motive of these laws is protectionism (many U.S. jobs have been outsourced to low-wage countries)

  18. Industry implications • Contracts with clients that include indemnities and privacy protection clauses • Increasing number of clients require completion of comprehensive privacy assessment forms • Research is becoming more difficult to conduct

  19. Helpful resources

  20. Helpful resources • Federal Privacy Commissioner’s website • www.privcom.gc.ca • International Association of Privacy Professionals • www.privacyassociation.org • Nymity (privacy consulting firm) • www.nymity.com • MRIA Privacy Protection Handbook (formerly CAMRO)

  21. Thank you E-mail: david.stark@tns-global.com Tel.: (416) 924-5751

More Related