A couple of recent legislative changes and initiatives will be of interest to due diligence and investigative researchers.
Amendments to PIPEDA
The Digital Privacy Act, recently passed by Parliament and soon to come into force, amends the federal Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to private sector organizations that collect, use, or disclose personal information in the course of commercial activities. As the Data Protection Report notes:
The revised PIPEDA will specifically permit the sharing of personal information without individuals’ consent in the context of due diligence for business transactions, such as M&A, a partial sale of assets or transfer upon insolvency, provided certain conditions are met by the parties to the transaction. Organizations engaging in these types of business transactions will need to ensure compliance with the statutory requirements that resemble those found in Alberta’s privacy legislation. For example, under the PIPEDA amendments, only information necessary to the transaction may be communicated pursuant to an undertaking to protect the information with appropriate security measures and to use it solely for purposes related to the transaction. If the transaction does not proceed, the information must be returned. Otherwise, it may only be used after completion of the transaction for the purposes for which it was originally collected and if certain conditions are met, including notice to the individuals concerned.
The updated legislation also gives organizations the ability to disclose personal information to other organizations for the purposes of investigating a breach of an agreement, or a contravention of a Canadian law, or in connection with detecting, preventing or suppressing fraud.
Limits to Ontario Police Record Checks
A proposed bill in Ontario will standardize and limit the kinds of information released in police record checks. Police would no longer be able to disclose mental health information and would only release non-conviction records, such as acquittals, in limited circumstances to potential employers and others in background checks.
Over at Slaw, Dan Pinnington has a series of posts (which originally appeared in LAWPRO Magazine) about protecting yourself online from the myriad scams and security risks that can afflict the unsuspecting or careless internet user. He tackles the dangers lurking in email, how to recognize and avoid surfing dangers, and how to avoid infections with anti-virus and anti-malware software. The posts are aimed at the legal profession, but anyone who needs a basic introduction to online security can benefit from them.
Just what can criminals do with your hacked email account or computer? Brian Krebs has a couple of eye-opening posts describing the value of a hacked email account (iTunes accounts sell for $8 each!) or a hacked PC. This post provides some excellent advice for defending your PC against attacks.
For additional reading, Lifehacker has some good articles on online security as well. And if you’re a Mozilla Firefox or Google Chrome user (you should be), here are some resources for securing your browser:
So start the year off right by reading up on cybercrime and taking some simple steps to make sure you don’t fall victim to it.
Photo source: Mario & Amanda, Flickr
When can an employee’s off-duty web postings or other activities be reasonably monitored and controlled by an employer in order to protect the business? This has been a recurring question since the rise of the public internet and especially of social media. This article does a nice job of reviewing the case law and dissecting the issues of privacy, free speech, and employer loyalty with regard to online postings, and notes that:
It is fair to say that although technology has changed the playing field, the principles with respect to off-duty conduct in Canada have not changed. As long as employees must remain subordinate and loyal to their employer, there are limits to what they can express, even on their own devices and even if they are off-duty.
While an employer can never completely control the online behaviour of its employees, it can manage the delicate balance between protecting the business and respecting the rights of employees to privacy and free speech by putting in place “a well-drafted and well-communicated policy which clearly identifies acceptable workplace practices and use of company equipment as well as personal equipment, both at work and off work.”