February 19, 2020
At Koskie Minsky LLP we recognize the increasing demands being placed on our clients in an ever growing digital age. Over the years we have advised clients with respect to issues of privacy and data collection, but as this area becomes ever so more complex we have taken steps to formalize our efforts in order to better serve our clients.
With expertise in union side labour law, employment law services for employees and non-unionized employers, pension law, construction law and litigation, we are keenly positioned to assist with various privacy and data-protection issues that you may face on a day-to-day basis.
You may be asking yourself: Do I really need to be concerned with privacy?
With any operation there are many moving parts that require the collection, storage and use of personal information. While this information is essential to the work you do, what often gets overlooked are the rules and regulations with respect to the collection and use of that information.
At the highest level, how the federal government handles personal information, including information it collects about individuals and your business, is covered by the Privacy Act. In addition, the various provinces, including Ontario, have enacted legislation with respect to how personal information held by Ontario public institutions is protected.
In June 2019, the Information and Privacy Commissioner of Ontario (“IPC”) released its 2018 annual report, Privacy and Accountability for a Digital Ontario, in which Ontario’s Information and Privacy Commissioner, Brian Beamish, calls for the modernization of Ontario’s privacy laws to address the risks posed by the increasing use of digital technologies.
Similarly, private organizations are governed by the Personal Information Protection and Electronic Documents Act (“PIPEDA”), which is the federal privacy law. PIPEDA sets out the framework and ground rules for how business, such as yours, must handle personal information in the course of their commercial activity. In addition to PIPEDA, various provinces have adopted privacy laws that are either substantially similar to or impose a higher standard than that under the federal regulation.
As well, some provinces have passed privacy laws that apply to employee information, health related matters, freedom of information request, municipal freedom of information and so forth.
In addition to these statutory frameworks, Canadian common law also establishes various privacy rights, which are enforceable by the courts. In 2012, the Ontario Court of Appeal in Jones v Tsige, held that there exists at common law a right to personal privacy and identified the breach of same as being the “tort of intrusion upon seclusion”. As well, the tort of appropriation of personality has been recognized by that court in other cases.
Against the backdrop of the foregoing and given the increasing global attention being afforded to the protection of personal information, especially through the stringent standards under the European legislation, General Data Protection Regulation (“GDRP”) which came into force on May 25, 2018, and which has had and will continue to have far reaching implications for those doing business in Canada, we are likely soon to see a tightening of privacy laws here at home.
As privacy concerns and data protection increasingly become key concerns for our clients, our lawyers have experience to advise you on compliance matters involving the application of privacy and data protection legislation to you, your clients, employees, union members, pension trustees and plan administrators, and beneficiaries, to name a few, including responses to Freedom of Information and Protection of Privacy requests.
If you have any questions or concerns about your privacy obligations or to engage our services for a privacy check-up, please contact one of our privacy lawyers.
Philip E. Graham