UNIT 9 2010-II-25

ENGR 4760U Ethics, Law and Professionalism for Engineers
Unit 9 - Privacy Issues
2010-II-25
Dr. J. Michael Bennett, P.Eng, PMP
UOIT

Change Record
- 2010-II-25 Initial Creation

2010-II-25 Dr. Michael Bennett Ethics, Law and Professionalism Winter 2010

Course Outline
1. The Engineering Profession
2. Ethical Issues
3. Engineering Law
4. Intellectual and Industrial Property
5. Conflict Resolution
6. The Contracting Process
7. Other Legal Issues for Professional Engineers
8. Occupational Health and Safety
9. Privacy Issues
10. Legal Landmines on the Internet
11. International Trade
12. Environmental Laws and Regulations

Topics
9.1 Internet Speech Regulation
9.2 Internet Privacy
9.3 The Internet and Intellectual Property
9.4 The American Position
9.5 PIPEDA

9.1 Internet Speech Regulation
- The Problem

Child Pornography
- The 1st Amendment of the US Constitution says "Congress shall make no law....abridging the freedom of speech"
- Can I spout hate, discrimination, incite the Taliban to blow up the Empire State Building?

Child Online Protection Act
- Passed by Congress in 1998. Says things like
  - "whoever knowingly...using the WWW, makes any communication for commercial purposes that is available to any minor...that includes any material harmful to a minor...shall be fined not more than $50,000, imprisoned up to 6 months or both"
  - "whoever violates the above, .. $50,000 for each violation"

COPA v. Reno
- Will go to the SC and will lose!
- Already a case in BC where a person is allowed to keep his collection of kiddy-porn as his constitutional right! (thanks Pierre!)
- Rewrite of this law likely

Regulation of Obscenity
- Very difficult to control
- Big tall statues are obscene to the Taliban
- "One person's obscenity is another's delight"
- Hence no regulation really

Regulation of Hate
- The "Zundelsite" in California
- Clearly in violation of Canadian law but international law?

9.2 Internet Privacy
- Law is still evolving here
- If you hack in, you are likely in violation of the law
- But what about collecting data? Or providing the technology to collect data that you know is going to harm people?

IBM and the Holocaust
- Thomas J Watson knowingly sold tabulators and sorters to the 3rd Reich knowing full well what the Germans were doing with them
- Not only counting Jews but trains and bullets and tanks
- No one knew until now how the Nazis rounded up people so fast and efficiently (thanks Tom)

9.5 PIPEDA
- Personal Information Protection and Electronic Documents Act
- Is now Canadian law, covering most businesses

What IS PIPEDA?
- Basically a federal law prohibiting most businesses (wherever located) from collecting, disclosing or using personal information about individuals that they have collected in the course of commercial activities UNLESS the individual's informed consent has been obtained
- PIPEDA also creates mandatory operational standards for handling personal information, as we have seen

PIPEDA's "Personal Information"
- Any info about an identifiable individual including but not restricted to
  - Person's name
  - Address, DOB, SIN, ID numbers
  - Income, ethnicity, blood type, passwords
  - License plate numbers, interests, hobbies
  - Habits, sexual orientation
  - Medical records and histories
  - Loan and credit information

PI does NOT include
- Name, title, business address, telephone numbers
- E.g. business card info

Use of Publicly Available Info
- If the info is freely available (such as a telephone book), you can use it and not require permission
- BUT has to be directed towards the use for which it was listed
- You can use the PEO's directory to hire engineers BUT NOT to peddle vacations to them

What does PIPEDA NOT cover?
- Does not apply to governments
- Does not cover info collected, used or disclosed for personal, domestic, journalistic, artistic or literary purposes
- E.g.
  - You could obtain a reference from a 3rd party about a prospective nanny without the nanny's consent
  - A journalist may collect, use or disclose personal information about a subject without their consent

Weird Stuff
- PIPEDA does NOT apply to personal info about employees of provincially regulated businesses
- PIPEDA DOES apply to personal info about employees of federally regulated businesses
- PIPEDA does NOT apply to charitable or not-for-profit orgs (universities, schools, hospitals, etc) UNLESS they do it for commercial purposes (such as selling donor lists)

O Canada!
- Applies to all federally-regulated businesses EXCEPT Quebec which has its own legislation
- BC and Alberta too
- Ontario is planning one
- BUT PIPEDA is the highest standard (so far!)

Main Compliance Obligations
- Businesses must establish policies and procedures for at least the following
- Accountability
- Limited Collection, Use and Disclosure
- Consent
- Openness and Access
- Security Measures

Procedures
- Must protect the PI
- Must have an approach for information transferred to a third party
- Must train and inform staff

Accountability
- Must have a "Privacy Compliance Officer" named and appointed and must name him/her when asked
- Large companies will have privacy teams in place to help out the PCO
- Membership will come from areas such as R&D, marketing, IT, legal, areas that normally handle personal information

Limited Collection, Use and Disclosure
- Businesses MUST identify the purposes for which the information is being collected
- Must collect only the info necessary for these purposes
- Must use and disclose the PI only for the purposes originally intended
- Must keep records of those purposes and develop record retention and destruction policies
- Must destroy, erase or make anonymous all PI that is no longer needed for the identified purpose

Consent
- The knowledge and consent of the individual are required for the collection, use and disclosure of PI
- Consent may be given orally or in writing
- Can be implied or expressed
- Opting in and opting out OK
- E.g., customer gives his home address for a delivery: implied consent. But company cannot keep the address and send out a sales brochure
- Express consent will be used in most cases
- There exist explicit criteria for negative optioning
- If a business changes the use of its PI, it must obtain fresh consent for the new use
- There are no grandfathering clauses so most businesses will have to get fresh consents from their customers

Openness and Access
- Open-kimono; businesses must make readily available specific information about their policies
- Individuals have the right to access their personal information
- Businesses have to respond to complaints

Security Measures
- Businesses must develop security policies to protect the information from
  - Loss
  - Theft
  - Unauthorized access
  - Disclosure
  - Copying
  - Use or modification

Necessary Security Safeguards
- Physical methods (locking file cabinets, restricted access to offices, etc.)
- Organizational measures such as security clearances, restrictions on a need-to-know basis, confidentiality agreements
- Technological measures such as the use of passwords, firewalls, encryption

Purchases and Sales Transactions
- Serious implications in take-overs and mergers
- The sale of business assets that contain personal information, for example, customer lists, requires fresh consent
- May be hard to do, if not impossible

Suppliers
- Most businesses use third-party suppliers to do things like
  - Customer billing
  - Website hosting
  - Customer support services
  - Marketing
  - IT development
- All need the consent to be transitive!

Suppliers cont
- Third parties need to apply the same safeguards as the original organization
- Business has to have the right to audit the third-party people
- Examples
  - IBM Winnipeg data centre
  - CRA Quebec leak

Online operations
- Businesses have to post their privacy policy
- Should be clear and obvious to the user
- Viewers should expressly accept the policy's terms using a click-through technique

Inter-Company Activities
- Sharing of PI must require other arms of the company to preserve the PIPEDA requirements

Strategic Alliances
- If businesses enter into joint ventures involving sharing PI, must make sure appropriate consent is obtained

If two companies co-brand an object, they must:
- Clearly state the identity of the company for which the consent is being provided
- Detail the collection, use and disclosure to be made by each entity that intends to use or disclose the customers' PI
- Describe the use and disclosure that each party to the alliance intends to make of the PI after the relationship ends

Consequence of Non-compliance
- Can complain to the Privacy Commissioner
- Can seek remedies through the Federal Court for unlimited damages!
- Could have big bucks attached to them
- Even the bad publicity would hurt a lot

Complaints Procedure
- Any individual can file a complaint with the PC
- A whistleblower could too, not just the PI holder
- PC has to go to court to force a business to comply (BAAAAD); not so with the current provincial acts

What Happens Next?
- Do an inventory/audit
- Develop a compliance plan and privacy policy (this is public)
- Implement the plan
- Ensure that the employees are informed and trained with respect to the plan
- Monitor and update compliance regularly

Complaints Policy
- Do NOT ignore it
- Centralize complaints
- Attempt to resolve complaint before investigation
- Obtain legal advice where appropriate
- Assert privilege for material provided during the investigation to attempt to protect confidential information
- Be prepared to disclose to Privacy Commissioner

Canadian Position
- "The State has no right to be in the bedrooms of the nation" P. Trudeau

...