Our sister news site, ITBusiness.ca, held a topical Twitterchat yesterday on privacy, which came on the eve of the Canadian Anti-Spam Legislation (CASL), parts of which come into effect on July 1.
If you missed it, you can read most of the conversation here, but I’ll mention some of the highlights below.
Privacy is the twin of data security, and both are top of mind of partners and customers these days. But privacy is a two-edged sword for enterprises: They want to collect and leverage as much data as they can about customers, including the ability to share it with partners. At the same time they don’t want to harm a trusted relationship with customers. In an era when social media connects hundreds of millions of people instantly, the loss of customers’ faith in an organization can be undermined in seconds when news flashes around of a data breach or misuse of personal data.
Organizations should also note that amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) now before Parliament will oblige organizations to disclose to victims when there has been a data breach.
It also has controversial provisions that will allow organizations to give personal information to other corporations for investigating a breach of an agreement or a contravention of federal or provincial laws without a search warrant if telling the person of the disclosure would likely compromise the investigation.
While corporations might like that power — think of a media company wanting Internet service provider information on a subscriber about a suspected copyright violator, in light of the recent Supreme Court of Canada decision on privacy many wonder if that section would be held up in court. The Twitterchat touches on this.
The main guest on the Twitterchat was outgoing Ontario privacy commissioner Ann Cavoukian, known internationally for helping create the philosophy (and framework) that every organization needs to build privacy by design into their data systems that include personal information.
“If you embed privacy as a default setting, you can offer your customers a privacy assurance & build a long relationship,” she wrote in one tweet. (And if you don’t know about privacy by design, here’s a link to the seven foundational principles.)
As for CASL, John Lawford of the Public Interest Action Centre tweeted that the legislation will be very effective in helping bring back to consumers control over the personal data held by organizations. As Cavoukian noted, the point of CASL is that for corporate messaging consumers have to give prior approval — to opt-in — for commercial messages, and not be forced to opt-out after getting them.