Is there Such a Thing as “Internet Privacy”?
We recently had an opportunity to speak at the 2015 “Law in Your Life” series hosted by CBA Saskatchewan and the Regina Public Library. Every year, the Saskatchewan Section of the Canadian Bar Association organizes this series of informative legal sessions as part of the national “Law Day” event. The purpose of Law Day is to promote amongst Canadians an increased awareness of their legal rights and obligations. At our session, we discussed privacy rights, protection of privacy rights online, and recent developments in internet and privacy laws. This is a topic that affects most of us on a daily basis. In particular, technology is now part of every aspect of our lives. As such, it is very important for both individuals and organizations to understand online privacy and the associated risks and obligations.
What is it?
Essentially, “Internet Privacy” refers to the privacy and security of personal information that is available on the internet. When we use the internet, we are giving up some of the privacy and security of our own personal information and the personal information we maintain as an organization. Fortunately, there are precautions that we can take to reduce the privacy risks that we face as a result.
Why does it matter?
The internet has become a big part of everyday life for most of us, both in our personal and work lives. Canadians, in particular, are very active on the internet – we log an average of 43.5 hours of online browsing per month! However, it is important to remember that information on the internet is permanent, is never entirely private, can reveal a lot about individuals, and is very valuable – especially for criminals. In addition, organizations that collect sensitive personal information are particularly at risk of threats to such information.
What laws apply?
There are a number of different laws that govern the protection of personal information and the collection, use, and disclosure of personal information by organizations in Saskatchewan. For example, both the Federal and Provincial governments have enacted legislation that affects the privacy of personal information on the internet. In addition, there are a number of court decisions that are key to understanding internet privacy.
What do I need to know as an individual?
As an individual, it is important to understand the threats to your internet privacy, as well as the associated risks. These include:
- threats to your personal information (such as Cookies, online fraud, identity theft, or social engineering attacks);
- risks relating to social networking sites (such as inappropriate use of sites or unintended consequences from such use); and
- online “spam” (such as unsolicited emails and communications that can lead to serious damage to your computer or create risks to your personal information).
In the context of these risks, it is important to understand how privacy laws protect your information, and what steps you can take to protect your own internet privacy.
What do I need to know as an organization?
Under applicable privacy laws, organizations are subject to specific privacy requirements. In particular, such laws govern how organizations can collect, use, and disclose personal information on the internet. However, what your specific obligations are will depend on the privacy laws that apply to your organization. It is important for organizations to have a clear understanding of these obligations, and to adopt a privacy compliance program that will assist the organization to meet its obligations. The contents of a privacy compliance program will depend on the nature of the personal information involved. However, there are key components to a successful privacy compliance program as it relates to internet privacy. This includes adopting a privacy policy customized for your organization, clear communication of your privacy policy to your customers or clients, and appropriate procedures for handling privacy breaches.