TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Canada Dashboard Digest | Notes from the IAPP Canada Managing Director, April 10, 2015 Related reading: Privacy inspection tool finds ad trackers on sensitive nonprofit websites




Fair warning: The IAPP Canada Privacy Symposium has sold out the last few years, and this year’s registration numbers are very strong. If you want your space at this year’s event, hurry up and register at the conference web page here.

So, how would you like to be working as a chief privacy officer at a telco these days? One thing’s for sure, I bet—and would hope—you’d be getting some serious face time with your CEO.

Of course, I’m talking about two huge decisions that came down this week. The first being the Canadian Report of Findings issued by the Office of the Privacy Commissioner of Canada (OPC) into Bell’s behavioural advertising program. In it, the OPC reports that Bell must rely on opt-in consent for their tracking, profiling and advertising program. The news that followed the release of the OPC’s report was somewhat confusing with respect to whether or not Bell was actually going to implement the OPC’s ultimate recommendation, and I suspect we haven’t heard the last of this issue.

The second case involving a big telco is the American one where the Federal Communications Commission (FCC) fined AT&T $25 million because the company did not adequately protect its customers' information. In addition, the FCC is requiring the company to hire a “certified” privacy professional! (If ever there was motivation to get your CIPP, CIPM or CIPT, I’d say now is the time.)

While the two cases have tons of differences in terms of how privacy laws were broken, I’d say the most striking difference for me is the breadth and aggressiveness of the punishment used by our American neighbours and the rather gentle—in comparison—recommendations made by our federal commissioner.  To be clear, I think the commissioner was as effective as possible and used the tools at his disposal as best he could. All I’m saying is that the serious ramifications for doing privacy badly in the U.S. is definitely something we aren't seeing up here, although there is something to be said about reputational impact, which may be a bit more difficult to quantify. Will it always be this way? Do the commissioners in this country not look to their southern neighbours and think, “If only we had these powers? And if we did, would it be a little easier to get compliance?” Something to keep talking about, for sure. While those kinds of powers can be a scary thought for some companies, I'm convinced it's the kind of thing that would get privacy—and the important work we all do in this profession—the face time it deserves. 

Have a great weekend, and feel free to check out other rants on Twitter @k_klein.


If you want to comment on this post, you need to login.