The Right to be Left Alone
As early as 1890, with the invention of the modern publishing press and newspaper circulation, two famous scholars, Samuel D. Warren and Louis D. Brandeis, advocated that society needed to recognize a right to privacy - which they coined as “the right to be let alone.”
But this wasn’t the very beginning of privacy laws in the world. Legal protection of privacy can be traced as far back as 1361, where, in England, the Justices of the Peace Act provided for arrest of “peeping Toms” and eavesdroppers.
This shows that as early as the thirteen hundreds, society was concerned with the individual’s right to be free from unwanted observation.
Paraphrasing Irwin Altman, privacy is based on individuals’desire to be in charge of the degree and the circumstances under which they expose their attitudes and behaviours to others.
Why Should I Care About my Privacy Rights as an Individual?
As a famous saying goes, “information is power”. This is even more true in our exceedingly digital world. These days, we share our biometric data and voiceprint with various for-profit companies such as Apple and Google (think of how you unlock your phone). We freely share our photographs and the photographs of our children on commercially owned social media sites such as Facebook, Instagram, and others.
We share information about our whereabouts with various apps on our phones via location services. We often are eager to instal the next best free useful app or a fun game, without thinking twice about why someone would spend their time and money creating a free product for you, if they are not getting
anything in return.
We tend to favour convenience of having things at our fingertips and forget a simple fact - if something is free, you are the product.
Now, with AI becoming more and more a household tool, the bits of information we willingly share with various businesses behind the many apps and sites we use can be aggregated and analyzed with lightning speed.
It is time to ask ourselves - what do the companies behind those apps and sites do with my information? Do they store it? Do they protect it? Do they sell it? Do they comply with all relevant laws? And if not, what can I, as an individual, do to ensure that my privacy remains protected from unwanted collection, dissemination and use for profit of others?
Why Should I Care about Privacy Rights as a Business Owner?
Business owners around the world, including Canada, are faced with unprecedented number of cybersecurity attacks which compromise the integrity of not only their business data, but the integrity of their clients and customers’ data.
Sadly, when speaking with my business owner clients and friends, it seems everyone has had some type of exposure to a breach or a ransomware attack in the last few years.
Business owners have to concern themselves with the question, “Am I doing everything needed to protect the valuable personal information I have? And if not, what can I do to protect it?”
When a breach of data occurs, every business owner is faced with many immediate action items, which include, but are not limited to, answering questions such as:
1. What are my legal obligations as a result of the breach?
2. What are the implications of the breach to my business and to my customers?
3. Do I need to report the breach? Who do I need to report the breach to?
4. What do I need to do to mitigate the breach?
5. What do I need to do to protect my business from a breach in the future?
A business owner should be proactive and have a game plan before these situations occur. They should have a list of phone numbers of professionals they need to call to help them deal with an emerging situation as it unfolds. A business owner should also have periodic reviews of their privacy safeguards, legal compliance and IT systems to give them peace of mind that they are doing everything reasonably possible to protect their employees and clients’ data.
Furthermore, Canadian laws mandate a process for individuals to have access to the information that business owners hold. Thus, every business owner needs to set up a process to provide access to clients and customers’ information should the information be requested.
Small and medium business owners may feel, “these things really only matter for big companies”. Or they may feel, “I have no resources to dedicate to these issues at this time”.
The reality is, every business, whether big or small, holds personal data and every business is subject to privacy protection laws. A large corporation should have a department dedicated to privacy compliance. A small or medium size business can outsource this function to an outside professional, such as a lawyer, who can review and identify data flow issues, help develop a compliance plan, and deal with any emerging issues concerning protection of your customers’ data.
What is Protected by Canadian Privacy Laws?
Each law will have its own precise definition, but, generally speaking, Canadian privacy laws protect personal information.
Privacy can be put into three categories:
- Information privacy - the right to decide for yourself when, how and to what extent information about you is shared with others. This is rooted in the understanding that the information about you fundamentally belongs to you.
- Privacy of the person - the right to be free from unwanted physical contact, such as search and seizure, genetic testing, and drug testing etc.
- Territorial privacy - the right to be safe from intrusions into your physical space, such as your home, and in certain circumstances some public spaces. Territorial privacy rights protect you from physical search of your home, video and audio surveillance, ID checks, and more.
In today’s Canada, laws have been passed to protect privacy rights against violations by the government, other individuals as well as organizations and businesses. In Canada, we have the federal Privacy Commissioner’s Office, and provincial privacy commissioners or ombudspersons - whose role is to
investigate alleged breaches and ensure compliance with the relevant privacy laws. In British Columbia, the relevant body is the Office of the Information and Privacy Commissioner for British Columbia.
At the federal level, private sector companies are subject to privacy protections set out in the Personal Information Protection and Electronic Documents Act (PIPEDA).
In British Columbia, private businesses have to comply with the Personal Information Protection Act.
What Types of Information are Protected by Privacy Laws?
Personal information is any identifiable information about an individual. Purely corporate information (trade secrets, confidential business information or nonidentifiable information belonging to groups of
people) is not personal information and as such is not protected by Canadian privacy laws (but could still be protected by other laws).
For example, at the federal level in Canada, the Privacy Act provides for guidelines for the government’s collection, use and disclosure of personal information. It also provides for your right to access the information that the government has collected in relation to you.
For a local example, British Columbia’s Personal Information Protection Act defines personal information simply as information about an identifiable individual. This definition includes employee personal information (which is information about the individual’s employment that is collected, used or disclosed solely for the purpose of the employment relationship).
Under the British Columbia’s Personal Information Protection Act, contact information and work product information are not included in the protected class of personal information.
It is important to note that even if a piece of information by itself does not identify an individual, if it can be used with other information to do so, it can be said to be protected personal information.