Can who keep a secret about what?
The echoing anthem first struck in the 1980s by The Police continues to reverberate, “Every breath you take/And every move you make/Every bond you break, every step you take/I’ll be watching you”… And Somebody Will Be!
Can you keep a secret? Correct answer is that depends on the secret and circumstances and, most importantly, the person who has the secret. And avoids the real question, which is what is a secret and why?
And You, ‘Go Huh But you Called Me!’
Your phone rings at home and supposedly it’s your utility company on the other end. They want to talk to you about your account but require your birth date and postal code on the account because of privacy concerns. You go, huh, but you called me. And who is this, really? Sound at least vaguely familiar?
Unfortunately, as we move at ever increasing velocity into our data collection, mining, cross referencing and digital retention future very little is going to remain secret or private. We are telling people and required to tell people we don’t know matters that were not considered secret before like name and address but are now state protected under privacy legislation because there are new uses for that information, some benevolent some not so much. And it is growing exponentially this new version of “cops and robbers” and it is still very early days. It is there to protect us but does that really help? In some ways this is all a bit like “the jury will kindly disregard that last remark” or defamation where quite often “clearing your name” keeps the titillation at the forefront and at the end of day even if successful everything including you seems smeared. To a certain extent, we put it all out there expecting someone else to shepherd and protect. That may not be the best plan but it is the plan being implemented and promoted. And now we are going to put it all “in the cloud” for better or for worse. Laws are generally penalistic in nature and that is rearview enforcement rather than prevention and just does not stop bad people. In my opinion it won’t work long term being artificial in nature but in the meantime, “it is what it is”.
So when I was asked to write this month’s Ask the Expert column respecting privacy matters (issues) I initially thought well this should be easy; just quote some of the laws in effect and away we go. Unfortunately like so many things first blush is rosier than actual inspection and requires much deeper review.
Job Interviews Requiring Facebook Account Password. Whoever Heard of Such a Thing?
Some of the AMBA membership does have to concern itself with enforcement of privacy legislation within their own organization such as AMBA does of itself. Julia Lee AMBA Privacy Officer for AMBA wrote in the Winter 2011 edition about Social Media Background Checks and how prospective employers are doing their due diligence through social media searches. Well here is an update from Associated Press March 21 2012 If You Want A Job, You May Have To Turn Over Your Facebook Password article which states that both public and private employers are increasingly requesting prospective employees access to their Facebook accounts as part of the interview process. Whoever heard of such a thing? As stated in the article, “It’s akin to requiring someone’s house keys,” said Orin Kerr, a George Washington University law professor and former federal prosecutor who calls it “an egregious privacy violation.”
And yes several states have introduced or are about to introduce laws restricting such behavior but in Maryland and Illinois it appears restricted to public agencies. And so it goes.
Politicians Make The Laws But That’s Not Near The End Of It
Back to the legislation. Yes we have here in Alberta the Personal Information Protection Act (“PIPA”) and each province has its own version and yes they are similar but not the same remembering that chimpanzees are 98.63% human and the devil is always in the details. By way of recent example On April 30, 2012 our Alberta Court of Appeal threw into question the constitutionality of PIPA as being overly borad and vague and contravening the Canadian Charter of Rights in United Food and Commercial Workers, Local 401 v Alberta (Attorney General), 2012 ABCA 130 (CanLII). In part the Court said:
- It covers all personal information of any kind, and provides no functional definition of that term;
- The definition of “personal information” as “information about an identifiable individual” is essentially circular;
- The Act contains no general exception for information that is personal, but not at all private;
- There is no general exemption for information collected and used for free expression;
- There is no exemption allowing organizations to reasonably use personal information that is reasonably required in the legitimate operation of their businesses.
And then of course there is the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”). All of these require that an organization shall designate someone to be accountable for the management of personal information and know what they are doing. This includes the collection, usage, disclosure, retention, and transfer of personal information to third parties for processing and that person is to be designated the “Privacy Officer” or if at an executive level sometimes “Chief Privacy Officer”. Does your organization have one? Do you have any idea what their responsibilities are and if it’s your company the consequences of failing to provide adherence to the law?
Then there is the new federal Canadian Anti-Spam Act (“CASA”) which is much broader than this unofficial short name suggests which is not really quite yet in full force but coming soon. In March of this year the CRTC issued the final version of the Electronic Commerce Protection Regulations (CRTC) and implementation will be forthcoming. Anyone who makes use of commercial electronic messages including emails, SMS, newsletters etc., or is involved with the alteration of transmission data, or produces or installs computer programs needs to be aware of this law. For emails, SMS and newsletters it is an opt-in rather than an opt-out process so you need consent to send but if you can’t send how do you get consent? There are exceptions and there will be some transition relaxations but do you even know about it let alone the intricacies and nuances of how to comply or avoid contravention? It will affect everyone in one way or another.
If You Need Help Get Help
There is no way in an article of this length to cover what is out there let alone how it might really affect you specifically because it is so varied and changing depending on what your company does or might do. If you have a website it is global and that is a whole other subject. On May 26th 2011 a new EU originated law came into effect that may in time change the Worldwide Web as we now know it. This Cookie Law is amended privacy legislation that requires websites to obtain informed consent from visitors before they can store or retrieve any information on a computer or any other web connected device like mobile phones.
Of course in some ways all of this is akin to a fire extinguisher which you don’t need until you have a fire, but by then it’s too late.
So if you have issues which you might well have and need resolution which all companies and organizations do, try what I do when my car breaks down or I get sick. Retain an expert rather than trying to learn and fix it yourself. At least they can educate you properly before you try your first intricate maneuvers without supervision or safety net. Anyone who has started any sport knows what I mean, snowboarding and windsurfing definitely being in the top ten of my sport book of “Don’t Try This Without Lessons”. Ouch!
Have a Great Day But It’s Messy So Let’s Be Careful Out There!