Blog Editors

Joe Hodnicki
County Law Library Director
Butler County Law Library (OH)
Email

Mark Giangrande
Reference Librarian
Lecturer in Law
DePaul University Law Library
Email

Contributing Editors

Caren Biberman
Director of Library & Information Services
Cahill Gordon & Reindel LLP
Email

Sarah Glassmeyer
Director of Content Development
CALI
Email

Victoria Szymczak
Director of the Law Library
Associate Professor of Law
Univ. of Hawai‘i at Mānoa, School of Law
Profile
Email

David C. Walker
Information Services Librarian
Lincoln Memorial Univ.
Duncan School of Law Library
Email

About Law Librarian Blog
Email Editor Comments & Content

News Readers & Feeds
FeedBurner Subscription Service
Enter your Email:


Powered by FeedBlitz
View Recent Posts from Network Blog Feeds

Search This Blog

Blog Traffic

Since January 1, 2005

Disclaimer

Just in case you don't get it: The views expressed are solely those of the blog post author and should not be attributed to anyone else, meaning they do not necessarily represent the views of any organization that the post author is affiliated with or with the views of any other author who publishes on this blog.

Blogware

Powered by TypePad

Notices

© Copyright All Rights Reserved
Contact post author for permissions

« Immigration Policy Resources | Main | Bush Administration Issues EO on FOIA Administration »

December 15, 2005

Privacy in the Age of the Internet: Canadians concerned about US PATRIOT ACT

The debate over the renewal of the PATRIOT Act is generating headlines in the U.S., but this legislation is also being closely watched in Canada.

In response to a privacy complaint against the Canadian Imperial Bank of Commerce (CIBC) due to its outsourcing of data to the United States, the Privacy Commissioner of Canada wrote:

The possibility of U.S. authorities accessing Canadians' personal information has been raised frequently since the passage of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, 2001 (USA PATRIOT Act). Prior to the passage of this Act, U.S. authorities were able to access records held by U.S.-based firms relating to foreign intelligence gathering in a number of ways.

What has changed with the passage of USA PATRIOT Act is that certain U.S. intelligence and police surveillance and information collection tools have been expanded, and procedural hurdles for U.S. law enforcement agencies have been minimized. Under section 215 of the USA PATRIOT Act, the Federal Bureau of Investigation (FBI) can access records held in the United States by applying for an order of the Foreign Intelligence Surveillance Act Court. A company subject to a section 215 order cannot reveal that the FBI has sought or obtained information from it.

The risk of personal information being disclosed to government authorities is not a risk unique to U.S. organizations. In the national security and anti-terrorism context, Canadian organizations are subject to similar types of orders to disclose personal information held in Canada to Canadian authorities. Despite the objections of the Office of the Privacy Commissioner, the Personal Information Protection and Electronic Documents Act has been amended since the events of September 11th, 2001, so as to permit organizations to collect and use personal information without consent for the purpose of disclosing this information to government institutions, if the information relates to national security, the defence of Canada or the conduct of international affairs.

In addition to these measures, there are longstanding formal bilateral agreements between the U.S. and Canadian government agencies that provide for mutual cooperation and for the exchange of relevant information. These mechanisms are still available.|PIPEDA Summary 313|

To address the issues raised by outsourcing data to the U.S., Jim Bronskill recently reported that the Canadian government has drafted guidelines to regulate or even prohibit cross-border data flows of personally identifiable information to the U.S.

The [Canadian] federal Treasury Board led a working group to develop special clauses for inclusion in future business requests and contracts to lessen the risk [of disclosure].

The draft guidance document suggests, in the interest of upholding Canadian privacy laws, that [Canadian] federal databases of sensitive personal information created by contractors be located in Canada and be accessible only within the country.

However, it recognizes international trade obligations may make this impossible. In such cases, the government suggests contractors must agree to respect Canadian privacy laws as a condition of contract.

The guidelines say that if the privacy risk is considered high, a federal department might go so far as to cut off the flow of personal information to a foreign firm should it be "presented with an order" - such as an FBI notice - compelling release of data about Canadians. |CNEWS| |Yahoo Canada||LFP|

In October, 2004 the Privacy Commissioner of British Columbia essentially banned the export of personally identifiable information about Canadian citizens to U.S. contractors or subsidiaries due to concerns that this information could be divulged to the U.S. Government under a F.I.S.A. warrant. You can find the report and an executive summary here.

The Privacy Commissioner of Canada issued a report in August, 2004 discussing the implications of the PATRIOT Act for Canadian privacy. |PDF|

Neal R. Axton, William Mitchell College of Law Library

December 15, 2005 in Statutes & Regs | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341bfae553ef00d83558e3c269e2

Listed below are links to weblogs that reference Privacy in the Age of the Internet: Canadians concerned about US PATRIOT ACT:

Comments

Post a comment