Cloud Computing: Privacy & Jurisdiction from a Canadian Perspective



Similar documents
Privacy Law in Canada

Privacy Law in Canada

Cloud Computing: Privacy and Other Risks

Index All entries in the index reference page numbers.

The cloud thing: Privacy and cloud computing

CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING?

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

Protecting Saskatchewan data the USA Patriot Act

Cloud Computing: Trust But Verify

MICROSOFT OFFICE 365 PRIVACY IMPACT ASSESSMENT. Western Student E-Communications Outsourcing

Doing Business. A Practical Guide. casselsbrock.com. Canada. Dispute Resolution. Foreign Investment. Aboriginal. Securities and Corporate Finance

Distributel Communications Limited. c/o Privacy Officer 177 Nepean St. Suite 300, Ottawa, ON, K2P 0B4. January 20, 2014

Taking care of what s important to you

Accountable Privacy Management in BC s Public Sector

The Manitoba Child Care Association PRIVACY POLICY

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations

Personal Information Protection Act ( PIPA ) Privacy-Proofing Your Retail Business Tips for Protecting Customers Personal Information 1

GENERAL INSURANCE STATISTICAL AGENCY

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

COUNCIL OF THE EUROPEAN UNION. Brussels, 22 November /06 DATAPROTECT 45 EDPS 3

Cloud Computing: Legal Risks and Best Practices

Insurance Journal. Defending Until the End When Does the Duty to. Volume 1, Issue 3 Editor Keoni Norgren. May 1, 2013

CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper

The USA Patriot Act Government Briefing. Kirsten Tisdale, Chris Norman, Sharon Plater & Alexandra (Gina) Henley September 30, 2004

At TELUS we respect our customers privacy

Protecting your privacy

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law.

Common Student Information System for Schools and School Boards. Project Summary

3. Consent for the Collection, Use or Disclosure of Personal Information

Act CLXV of on Complaints and Public Interest Disclosures. 1. Complaint and public interest disclosure

POLICE RECORD CHECKS IN EMPLOYMENT AND VOLUNTEERING

Using AWS in the context of Australian Privacy Considerations October 2015

Privacy Risk Assessments

Cloud Computing Contracts. October 11, 2012

British Columbia Personal Information Protection Act. Frequently Asked Questions:

A Guide to Ontario Legislation Covering the Release of Students

PRIVACY NOTICE. Last Updated: March 24, 2015

How To Ensure Health Information Is Protected

Align Technology. Data Protection Binding Corporate Rules Processor Policy Align Technology, Inc. All rights reserved.

Best Practices for Protecting Individual Privacy in Conducting Survey Research

Insights into Cloud Computing

THE GENERAL INSURANCE OMBUDSERVICE

PIPEDA and Online Backup White Paper

A Privacy Handbook for Lawyers PIPEDA AND YOUR PRACTICE

The United States Federal Trade Commission ("FTC") and the Office of the Data Protection Commissioner of Ireland (collectively, "the Participants"),

DATA THEFT OR LOSS: TEN THINGS YOUR LAWYER MUST TELL YOU ABOUT HANDLING INFORMATION by Craig Bavis and Michael Parent

Federal Act on Data Protection (FADP) Aim, Scope and Definitions

Overview of. Health Professions Act Nurses (Registered) and Nurse Practitioners Regulation CRNBC Bylaws

AIG INSURANCE COMPANY OF CANADA Privacy Principles

Data Privacy in the Cloud: A Dozen Myths & Facts

Cloud Computing. Introduction

INDEX PRIVACY POLICY...2

Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario

It s stated goal is to give people the power to share and make the world more open and connected.

Privacy Policy. 30 January 2015

Privacy and Security Framework, February 2010

Policy Brief: Protecting Privacy in Cloud-Based Genomic Research

Information Sheet: Cloud Computing

INTRODUCTION...3 THE FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT...3 THE INFORMATION AND PRIVACY COMMISSIONER...5

Bankruptcy and Restructuring

THE CANADIAN LIFE AND HEALTH INSURANCE OMBUDSERVICE

The HR Skinny: Effectively managing international employee data flows

PRIVACY POLICY NEXT BUSINESS ENERGY PTY LIMITED ABN

Understanding Criminal Records

Resolution on Consumer Protection in Cloud Computing

THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK

Consultation on Canada's International Education Strategy

Information Security Policy

Transcription:

Cloud Computing: Privacy & Jurisdiction from a Canadian Perspective Professor Michael Geist Canada Research Chair in Internet and E-commerce Law University of Ottawa, Faculty of Law

Cloud Computing - Canada Competitive advantage? Climate: reduced energy costs Infrastructure: networks running north Geography: proximity to U.S. Legislative: national privacy legislation

Canadian Privacy 101 National privacy legislation takes effect in 2004; sub similar provincial rules in BC, Alta, Quebec Privacy Commissioner - ombuds power but has proven effective (Facebook) Consent requirements for collection, use, disclosure Security and safeguard requirements Accountability principle - collector responsible regardless of location, future uses Access requirements

Privacy Meets Jurisdiction B.C. Outsourcing Case Not strictly a cloud computing issue, but puts outsourcing, jurisdictional concerns on the map BC Gov t plan to outsource health management data - U.S. companies likely RFP winners Concerns focus on USA Patriot Act (non-disclosed disclosure) Quickly expands - NSA letters, grand jury, etc. Provincial privacy consultation

Privacy Meets Jurisdiction B.C. Outsourcing Case New legislation enacted targeted public sector outsourcing of personal information effectively prohibits export of citizen s data, with some exceptions (e.g., system upgrades or repair, with ministerial consent) All BC public bodies must ensure personal information stays in Canada and is accessed only in Canada Cannot disclose in response to foreign requests or demands This extends to service providers to public bodies Exceptions: other Canadian legislative authority; Canadian court order; installation, repair, upgrade, etc. of electronic systems or equipmentdisclosure also allowed by law enforcement agencies to foreign counterparts under an arrangement, written agreement or treaty

Other Patriot Act Cases LSAC Privacy complaint against LSAC for requiring fingerprint for test takers Object to mandatory collection of biometric data, transfer to the U.S. Commissioner rules in favor of complainants LSAC adjusts requirements in Canadian testing centers SWIFT Complaint re: transfer of banking information Not well-founded Law does not block outsourcing of data Banks ultimately responsible under accountability principle

Subsequent Cases - Web based email Canada.com (2008-394) Major media organization switches email management to U.S. Privacy Commissioner receives multiple complaints Rejects complaint The risk of a U.S.-based service provider being ordered to disclose personal information to U.S. authorities is not a risk unique to U.S. organizations. emphasizes the importance of organizations assessing the risks that could jeopardize the security and confidentiality of customer personal information when it is transferred to foreign-based third-party service providers. It is essential that organizations using third-party service providers outside Canada use contractual or other means to provide a comparable level of protection while the information is being processed by the third party.

Subsequent Cases - Web based email Lakehead University v. CAUT University wishes to switch email management to Gmail Faculty association objects - raises Patriot Act privacy concerns Case proceeds to arbitration University wins Privacy concerns arise regardless of whether data transferred to U.S. or remains in Canada

Subsequent Cases - Jurisdiction Abika Complaint against U.S. provider advertising access to personal info Privacy Commissioner refuses to investigate, claims no jurisdiction Judicial appeal of decision - orders Commissioner to investigate Well-founded finding - works with FTC in taking action Opens door to future cases - ie. Facebook

The Cloud Computing Consultation Privacy commissioner launches cloud computing consultation in Comments due by April 15, 2010 Roundtable scheduled for Calgary in June 2010 Includes panel on jurisdiction

mgeist@uottawa.ca

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information