Volume IV

Issue : 8: April 20, 2006

• Court Refuses to Exercise Jurisdiction Based on Website
• Swedish Appellate Court Refuses to Hear Case of Individual File Sharing
• Inadequate Protection of Customers Personal Information by U.K. Businesses
• New Canadian Policy Addresses Trans border Data Flows
• Michigan Law Restricting Violent Video Game Sales Overturned
• CRTC Declines to Regulate Mobile TV
• Court Authorizes Internal Revenue Service To Seek Customer Information from PayPal Inc.

Home > Volume IV > Issue 8: April 20, 2006 > New Canadian Policy Addresses Trans border Data Flows

New Canadian Policy Addresses Trans border Data Flows

Privacy analysts and others are increasingly concerned about how foreign legislation, such as the USA PATRIOT Act, creates privacy risks when Canadians’ information travels outside of Canada. These concerns are strengthened by the fact that Canadian governments and private companies increasingly outsource services to foreign entities. As a result, information stored or accessible outside of Canada is subject not only to Canadian laws, but also to the laws of the foreign country.

The Canadian government has recently released a report titled “Privacy Matters: The Federal Strategy to Address Concerns about the USA PATRIOT Act and Trans-border Data Flows” which outlines its strategy for addressing these concerns.

The principles underlying the government’s strategy include the idea that responsibility for addressing privacy concerns is not the government’s alone, but is shared with other governments, the private sector, and Canadians themselves. Further, privacy needs to be weighed against other important considerations such as ensuring that government contracts protect privacy while also resulting in improved service to Canadians, facilitating international trade agreements, and protecting public safety and security.

The report outlines the government’s strategy for addressing privacy concerns arising from trans-border data flows:

• Awareness: The government made all institutions subject to the federal Privacy Act aware of the privacy issues raised by trans-border data flows.
• Risk Identification and Mitigation: The federal institutions reviewed their various contracting and outsourcing arrangements to identify privacy risks, assess the seriousness of those risks, and take corrective action as required.
• Guidance on Privacy in Contracting: The government is providing a list of privacy best practices and a policy guidance document for federal institutions, including a privacy checklist and other advice.
• Follow-up: The government will take additional measures over the next few years to mitigate privacy risks further. These measures include: a further assessment of federal contracting activities; developing additional guidelines; increasing awareness; conducting the scheduled 2006 review of PIPEDA and determining whether the federal Privacy Act should also be reviewed; and developing a privacy management framework to establish high levels of privacy protection throughout the federal government.

For a copy of the report, visit:

http://www.tbs-sct.gc.ca/pubs_pol/gospubs/TBM_128/pm-prp/pm-prp_e.asp