1 / 23

Name of presenter(s) or subtitle

Privacy one year later Compliance and industry issues in Canada and the United States. David W. Stark. Name of presenter(s) or subtitle. MRIA Alberta Chapter January 20, 2005. Privacy one year later. Agenda. Privacy legislation overview Compliance: is it working? Industry implications

ady
Download Presentation

Name of presenter(s) or subtitle

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy one year laterCompliance and industry issues in Canada and the United States David W. Stark Name of presenter(s) or subtitle MRIA Alberta Chapter January 20, 2005

  2. Privacy one year later

  3. Agenda • Privacy legislation overview • Compliance: is it working? • Industry implications • Helpful resources • Q&A

  4. Privacy legislation overview • Freedom of Information Access • Privacy and Protection of Personal Data Freedom of Information Act – U.S. Access to Info. Act - Canada Privacy Legislation - Quebec Privacy Act - Canada Privacy Act – U.S. EU Privacy Directive PIPEDA - Canada Safe Harbor – U.S. PIPA - AB & BC 1994 1966 1980 1985 1998 2000 1974 2001-2004

  5. Canadian approach to privacy Federal regulations • Competition Act (1985; rev. 1999 and 2001) • CRTC Telemarketing Rules (1994; rev. 2004) • PIPEDA (2001-2004) • Comprehensive law affecting all industries in private sector • Bill C-37 (2005?) • Would establish a national do-not-call registry • Anti-spam legislation (2005?)

  6. Canadian approach to privacy Provincial regulations • Personal information protection acts • QC, AB, BC • Personal health information acts • AB, SK, MB, ON • With PIPEDA and its provincial counterparts, Canada’s privacy frame-work is closer to Europe than U.S.

  7. U.S. approach to privacy – sectoral Federal regulations • Video Privacy Protection Act (1988) • Telephone Consumer Protection Act (1991) • Driver’s Privacy Protection Act (1994) • Telemarketing Sales Rule (1996)

  8. U.S. approach to privacy – sectoral Federal regulations • Health Insurance Portability and Accountability Act (1996) • Financial Modernization Act (Graham-Leach-Bliley) (1999) • Children’s Online Privacy Protection Act (2000) • CAN-SPAM Law (2003)

  9. U.S. approach to privacy – sectoral Federal regulations • Eavesdropping and Taping Laws (FCC) • Telephone interviewing, focus groups • Federal Trade Commission Act (Section 5) • Obligation to abide by one’s posted privacy policies

  10. U.S. approach to privacy – sectoral State regulations • Anti-spam laws • Do-not-call laws and lists • Telephone curfew laws • Eavesdropping and taping • California’s Online Privacy Protection Act (CA OPPA) • Must post privacy policy on website if collecting personally-identifiable information from CA residents.

  11. What’s driving consumer privacy laws? • Most privacy regulations enacted since early 1990s • Coincides with digital information age • Databases of PII that can be manipulated and moved offshore at click of a button • Public opinion • Greater intrusion into consumers’ lives – want to be left alone • Outsourcing offshore

  12. Compliance: is it working?

  13. Compliance in Canada • Low awareness of PIPEDA and provincial privacy laws • Federal Privacy Commissioner has treated offending organizations with kid gloves • Commissioner’s Office understaffed • Still, in general, Canadian firms seem to be more privacy-conscious than their U.S. counterparts

  14. Compliance in the United States • Patchwork of privacy laws difficult for organizations • Multinationals would prefer a national privacy law (similar to PIPEDA) • FTC names offending organizations on its website • Private right of action in many U.S. laws gives rise to class action suits • EU study suggests several U.S. firms on Safe Harbor list are not in compliance

  15. Industry implications

  16. Industry implications • Third-party disclosures • Clients’ customer lists • Respondent PII shared with clients • List brokers / sample providers • Qualitative research: recruiter, moderator, facility • Online research • Explicit opt-in consent • Must not spoof message headers • ISP shutdowns customer research client research supplier

  17. When research firm (RF) sends invitation from its domain… • From: RF on behalf of CLIENT <xxxxxx@RF.com> • To: Rebecca Smith <rsmith@yahoo.com> • Subject: Complete CLIENT’s survey and receive a special • offer for your time • Date: Fri, 12 Nov 2004 10:51:10 -0500  MUST NOT SPOOF MESSAGE!! • From: CLIENT <surveys@CLIENT.com> • To: Rebecca Smith <rsmith@yahoo.com> • Subject: Complete CLIENT’s survey and receive a special • offer for your time • Date: Fri, 12 Nov 2004 10:51:10 -0500 

  18. Industry implications • Data security and retention • Physical, electronic and organizational • Minimum and maximum retention periods • International data flows • U.S. state laws could impact Canadian call centres and outsourcing overseas • One motive of these laws is protectionism (many U.S. jobs have been outsourced to low-wage countries)

  19. Industry implications • Contracts with clients that include indemnities and privacy protection clauses • Increasing number of multinational clients require completion of comprehensive privacy assessment forms • Research is becoming more difficult to conduct

  20. Helpful resources

  21. Helpful resources • Federal Privacy Commissioner’s website • www.privcom.gc.ca • International Association of Privacy Professionals • www.privacyassociation.org • Nymity (privacy consulting firm) • www.nymity.com • CAMRO Privacy Protection Handbook

  22. Helpful resources • CAMRO Privacy Protection Handbook • CD-ROM Version 1.0 released October, 2003 • 40 sold to date • Over 90 pages of advice • Includes legal agreements prepared by privacy lawyer (Brian Bowman, Pitblado) • Version 2.0 to be MRIA-branded and issued soon • Includes expanded policy section and appendices unique to qual. research

  23. Thank you E-mail: david.stark@tns-global.com Tel.: (416) 924-5751

More Related