Privacy laws and their impact on research
1 / 21

Name of presenter(s) or subtitle - PowerPoint PPT Presentation

  • Uploaded on

Privacy laws and their impact on research. David W. Stark. Name of presenter(s) or subtitle. MRIA B.C. Chapter November 2, 2005. Privacy laws and their impact on research. Agenda. Privacy legislation overview Canadian & U.S. laws Compliance: is it working? Industry implications

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Name of presenter(s) or subtitle' - azizi

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Name of presenter s or subtitle

Privacy laws and their impact on research

David W. Stark

Name of presenter(s) or subtitle

MRIA B.C. Chapter

November 2, 2005

Privacy laws and their impact on research

Privacy laws and theirimpact on research


  • Privacy legislation overview

    • Canadian & U.S. laws

  • Compliance: is it working?

  • Industry implications

  • Helpful resources

  • Q&A

Privacy legislation overview
Privacy legislation overview

  • Freedom of Information Access

  • Privacy and Protection of Personal Data

Freedom of Information Act – U.S.

Access to Info. Act - Canada

Privacy Legislation - Quebec

Privacy Act - Canada

Privacy Act – U.S.

EU Privacy Directive



Safe Harbor – U.S.











Canadian laws
Canadian laws

Federal regulations

  • Competition Act (1985; rev. 1999 and 2001)

  • CRTC Telemarketing Rules (1994; rev. 2004)

  • PIPEDA (2001-2004)

    • Comprehensive law affecting all industries in private sector

  • Bill C-37 (2005?)

    • Would establish a national do-not-call registry

  • Anti-spam legislation (2006?)

Canadian laws1
Canadian laws

Provincial regulations

  • Personal information protection acts

    • Quebec (1995)

    • Alberta (2004)

    • British Columbia (2004)

  • Personal health information acts

    • Alberta, Saskatchewan, Manitoba and Ontario

U s laws
U.S. laws

Federal Regulations

  • Telephone Consumer Protection Act (1991)

  • Telemarketing Sales Rule (1996)

  • Health Insurance Portability and Accountability Act (1996)

  • Financial Modernization Act (Graham-Leach-Bliley) (1999)

  • Children’s Online Privacy Protection Act (2000)

  • USA PATRIOT Act (2001)

  • CAN-SPAM Law (2003)

U s laws1
U.S. laws

Federal Regulations

  • Federal Trade Commission Act (Section 5)

    • Obligation to abide by one’s posted privacy policies

  • Eavesdropping and Taping Laws (FCC)

    • Telephone interviewing, focus groups

U s laws2
U.S. laws

State Regulations

  • Anti-spam laws

  • Do-not-call laws and lists

  • California’s Online Privacy Protection Act (CA OPPA)

    • Must post privacy policy on website if collecting personally-identifiable information from CA residents.

  • California (Senate Bill 1386)

    • Must notify state residents of actual or suspected breach of unencrypted data

U s laws3
U.S. laws

State Regulations

  • Other states passing legislation similar to California’s privacy laws

  • 28 pending bills in 17 states that would regulate offshoring of personal information

    • Offshoring of state contracts

    • Disclosure of location and name of call centre

    • Prohibition against sending PII to non-U.S. recipients

What s driving consumer privacy laws
What’s driving consumer privacy laws?

  • Most privacy regulations enacted since early 1990s

  • Coincides with digital information age

    • Databases of PII that can be manipulated and moved offshore at click of a button

  • Public opinion

  • Identity theft

    • “fastest growing crime in the nation” - FTC

  • Outsourcing offshore

Compliance in canada
Compliance in Canada

  • Low awareness of PIPEDA and provincial privacy laws

  • Federal Privacy Commissioner has treated offending organizations with kid gloves

  • Commissioner’s Office understaffed

  • Still, in general, Canadian firms seem to be more privacy-conscious than their U.S. counterparts

Compliance in the united states
Compliance in the United States

  • Patchwork of privacy laws difficult for organizations

  • Multinationals would prefer a national privacy law (similar to PIPEDA)

  • FTC names offending organizations on its website

  • Private right of action in many U.S. laws gives rise to class action suits

  • EU study suggests several U.S. firms on Safe Harbor list are not in compliance

Industry implications1
Industry implications

  • Third-party disclosures

    • Clients’ customer lists

    • Sharing respondents’ personally-identifiable information with clients

    • List brokers / sample providers

    • Qualitative research: recruiter, moderator, facility

  • Online research

    • Explicit opt-in consent

    • ISP shutdowns


research client

research supplier

Industry implications2
Industry implications

  • Data security and retention

    • Physical, electronic and organizational

    • Minimum and maximum retention periods

  • International data flows

    • U.S. state laws could impact Canadian call centres and data processing firms

    • Main motive of these laws is protectionism (many U.S. jobs have been outsourced to low-wage countries)

Industry implications3
Industry implications

  • Contracts with clients that include indemnities and privacy protection clauses

  • Increasing number of clients require completion of comprehensive privacy assessment forms

  • Research is becoming more difficult to conduct

Helpful resources1
Helpful resources

  • Federal Privacy Commissioner’s website


  • International Association of Privacy Professionals


  • Nymity (privacy consulting firm)


  • MRIA Privacy Protection Handbook (formerly CAMRO)

Thank you
Thank you


Tel.: (416) 924-5751