Less than two weeks ago, the Canadian government introduced a new Digital Privacy Act, the Bill S-4. This is the latest update at reforming Canadian privacy laws and is now the third revision to the reform that started back in 2006. The prior two bills never saw the day of light and were delayed by various factors.
The new proposed bill mostly concentrates on security breach disclosure rulings. According to Michael Geist’s report, the focus of the new bill is to update disclosure requirements of organizations when security breaches occur in which Canadian citizens are put at risk of identity theft. In other words, if big corporation X gets hacked, and your information is stolen, they will no longer have the right to hide the fact from the Canadian public for very long.
So if that is the main focus, and all of this is good, what is so alarming? The bill S-4 unfortunately also includes a new provision that will allow great expansion of warrantless collection and disclosure of personal information from databases.
Bill C-13 has already been in motion and causing stir with the government attempting to continue expanding their warrantless subscriber information access to police and law enforcement agencies with immunity from any criminal or civil liability for the involved parties. It is now public knowledge that tens of thousands of warrantless requests for subscriber data are made to Canadian companies and internet service providers.
So back to the new Digital Privacy Act Bill S-4. What is the new proposition? Well, as is stands, it is possible for any law department to request subscriber data from any company without warrant, and as we just discussed, it is being used constantly already. The new bill now suggests to open the access to everyone. Disclosure without court order would make it possible for any organization to gain access to these subscriber databases at ease, without prior knowledge or consent of the individual(s) from whom the information is being taken. The Bill states the following requirements;
“an organization may disclose personal information without the knowledge or consent of the individual… if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation”
The concerns are obvious, the secrecy of the information being shared does not allow for any party to contest the investigation and if it is legitimate in the first place. Companies seeking your personal information for copyright infringement would easily have it handed to them by your ISP without a court ever making it public or being involved.
It would be foolish to think these new regulations will only be affecting copyright. Organizations will find ways to abuse the system for personal gain and many more concerns arise from privacy to defamation. However, as the law stands, ISPs, local businesses and social sites can still request for a court order warrant before handing any information over to third party organizations.
The government said the new Digital Privacy Act will include more protection for Canadian consumers shopping online. What they fail to mention is that they are opening the doors to your personal information to everyone as opposed to just Canadian law enforcement.
If you live in Canada and need an added layer of security and privacy, check out our article on the VPNs best suited for Canada.