#CyberFLASH: Do You Consent? Four Ways to Strengthen Digital Privacy

CPT500317455_highPrivacy laws around the world may differ on certain issues, but all share a key principle: the collection, use and disclosure of personal information requires user consent. The challenge in a digital world where data is continuously collected and can be used in a myriad of previously unimaginable ways is how to ensure that the consent model still achieves the objective of giving the public effective control over their personal information.

The Office of the Privacy Commissioner of Canada released a discussion paper earlier this year that opened the door to rethinking how Canadian law addresses consent. The paper suggests several solutions that could enhance consent (greater transparency in privacy policies, technology-specific protections), but also raises the possibility of de-emphasizing consent in favour of removing personally identifiable information or establishing “no-go” zones that would regulate certain uses of information without relying on consent.

My weekly technology law column (Toronto Star version, homepage version) notes that the deadline for submitting comments concludes this week and it is expected that many businesses will call for significant reforms to the current consent model, arguing that it is too onerous and that it does not serve the needs of users or businesses. Instead, they may call for a shift toward codes of practice that reflect specific industry standards alongside basic privacy rules that create limited restrictions on uses of personal information.

Suggestions from Canadian business that stronger consent rules are too difficult or costly is nothing new. During the heated debate over anti-spam legislation, the business community claimed that an “opt-in” model of consent that would require a more explicit, informed agreement from users would be expensive to implement and would create great harm to electronic commerce. Yet the reality is that the opt-in model is used in many other countries to provide better privacy protection and improve the effectiveness of electronic marketing.

Read more here

#CyberFLASH: Financial players weigh risks of digital relationships in Canada’s consent-based compliance regime

Local Input~ FOR NATIONAL POST USE ONLY - NO POSTMEDIA - Hacker using laptop. Lots of digits on the computer screen. Credit fotolia.How is it that you can ever truly know someone?

That’s the question that various members of the financial sector asked today at a roundtable event hosted by ITWC and sponsored by Equifax Inc.

The relationship between business and customer used to be easy – when someone wanted to open up an account, they walked into a branch. Pen was put to paper and the organizational relationship with the customer came with the warmth offered by a firm shake of the hand and good eye contact. When that’s replaced by the cold transactional endpoint offered by an ATM, or a web portal, can that same relationship still be maintained?

Everyone is trying to balance the mix of traditional channels of communication with the customer with the newer digital options available to them, says Chris Briggs, the chief marketing officer at Equifax. “Whether it’s someone that can answer the phones or someone that’s at the branch, combined with the ability to personalize through digital channels.”

Financial institutions are collecting “cold, impersonal” data about their customers and even prospective customers, said Jim Love, chief content officer at ITWC and host of the roundtable event. But people want to be treated with a personal touch, and in a way that they don’t feel their consent wasn’t considered.

At one credit union with several branches throughout Ontario, business leaders are working on the goal of issuing more personal loans to their members. The opportunity to cross-sell their members on more of their services is a driving reason behind looking at the digital channel as a way to increase their wallet share.

Even with an older demographic, at least 20 per cent of the customer base is accessing the credit union’s digital channels, a marketing manager shared.

“How do we get them onto our platform and off of other people’s platforms?” he asked. “That’s our problem.”

Concerns with consent

But the credit union was concerned about the type of consent it had from its clients and what that allowed it to do to market other products to them. It seemed the more that was done to protect themselves as an institution from a regulatory standpoint, the harder it was to understand from a customer point of view.

Read more here

#CyberFLASH: What does consent look like in the 21st century? Canada’s privacy commissioner calls for public input

Therrien-620x250Canada’s privacy watchdog announced today that his office is seeking public input on the issue of consent in the digital age. Daniel Therrien, Privacy Commissioner of Canada, has invited submissions from groups and individuals alike — specifically mentioning IT specialists and educators — in a speech made this morning at the International Association of Privacy Professionals conference in Toronto.

Therrien said that mobile apps, smart devices, wearable technology, and the verbose privacy policies of the services we use every day are creating new challenges for the current consent model in the law. The Personal Information and Electronic Documents Act (PIPEDA) that created that model was introduced before smartphones, cloud computing, and the social networking boom, he noted.

“Gone are the days of routine, predictable, and transparent one-on-one interactions with companies,” reads the text of Therrien’s speech. “It is no longer entirely clear who is processing our data and for what purposes.”

Consumers are being saddled with an overwhelming amount of legal text when making a choice about whether to share their personal information, the commissioner says. It’s time to update how consent can be collected from Canadians under the law, and the commissioner’s office has released a discussion document outlining some options as a starting point.

Also in his speech, Therrien made an appeal to consider giving his office more authority to proactively enforce privacy legislation. Most other countries allow privacy regulators to issue binding orders to impose financial sanctions against organizations, he says, so why not Canada?

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.