#CyberFLASH: Why the Privacy Commissioner Doesn’t Need Legal Reforms To Require Transparency Reports

9886754835_89211c18e7_b-780x350Privacy Commissioner of Canada Daniel Therrien was in the news this week as he expressed concern with the evasiveness of Canada’s spy agencies and the ongoing refusal of some of Canada’s telecom companies (namely Bell) to issue transparency reports. I’ll have more to say about privacy and government agencies in my technology law column next week, but on the issue of telecom transparency reports, I believe that Therrien already has the necessary legal mandate to act now. Therrien urged all telecom companies to release transparency reports, noting:

“I think Canadians are telling us, first of all, that they would much prefer that data be shared from telcos to government only with a warrant, with a court authorization. But when that does not happen, Canadians expect that there be transparency…frankly, if there’s not more progress I will continue to call for legislation on this issue.”

I wrote about why Canada’s telecom transparency reporting still falls short late last month, emphasizing that a non-binding approach to transparency reporting has been a failure. I indicated that there is a strong argument that the law already requires companies to issue transparency reports as part of their obligation to be accountable and open under PIPEDA. Principle 4.1.4(d) establishes the following requirement under the law:

Organizations shall implement policies and practices to give effect to the [privacy] principles, including:
(d) developing information to explain the organization’s policies and procedures

Moreover, Principle 4.8.1 states that:

Organizations shall be open about their policies and practices with respect to the management of personal information.

To date, discussion of these provisions has focused on the need for publicly-available privacy policies. Yet there is no reason to think that they are limited merely to those policies. Ensuring that an organization is fully accountable for the information it collects, uses, and discloses should include reports that explain policies, procedures, and practices around information disclosures to law enforcement.

Read more here

About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.