The Digital Rag
Real World Information in a Virtual World
Sign Up!
Login Welcome to The Digital Rag
Sunday, February 05 2012 @ 12:22 AM PST

Watch out for Microsoft Instant Messaging - and more on privacy

Sunday, January 02 2005 @ 11:20 AM PST

Contributed by: Richard Pitt

Newsletter PostingsFrom October 11, 2004 newsletter

Last issue I noted that signing up for PLAXO's web-managed contact list was a bad thing from the point of view of privacy - and especially the privacy legislation here in Canada.

I am not a lawyer, but... the following is offered as a general comment on the potential for problems arising from an incident similar to what I reported on last issue.
PIPEDA - The Personal Information Protection and Electronic Documents Act - covers ALL aspects of the use and disclosure of information about a customer or business contact. In the case of PLAXO, the fact that the contact information for a (large) number of customers of a business was allowed to be uploaded (regardless of whether the consent was informed or not) was a potential transgression against the privacy of all the various contacts.

See: http://www.privcom.gc.ca/legislation/02_06_01_e.asp for the act and regulations.

It is not just the fact that the e-mail addresses of contacts were "shared" with the service, but the fact that many also had other identifying information included in the "business card" records gleaned from the Outlook Express contacts list. Only if each of the persons whose information was to be shared/stored remotely gave their written consent would such a sharing be allowed.

An e-mail address by itself is not generally "identifiable" (who is george999 at yahoo.com for example?) - but when combined with the full name and/or address, phone number, or other identification information it becomes "personal information" (Oh... that George)

If a private individual uses PLAXO or some other commercial and remote service to store their contact list it is different from an employee of a business doing the same thing, as far as PIPEDA is concerned.

"Part 1 of this enactment establishes a right to the protection of personal information collected, used or disclosed in the course of commercial activities, in connection with the operation of a federal work, undertaking or business or interprovincially or internationally."

Of course it is questionable whether the fact that PLAXO is in business causes the act to kick in even for its use by a private individual, but I'll leave that for the courts if/when.

The point is that as an employee or employer or business person of any stripe you now must be extra careful in if or how you expose your customer's information to someone outside your organization.

Story Options

Trackback

Trackback URL for this entry: http://digital-rag.com/trackback.php/20050102112037202

No trackback comments for this entry.

0 comments

What's New

Stories

No new stories

Comments last 2 days

No new comments

Trackbacks last 2 days

No new trackbacks

Older Stories

Thursday 15-Sep


Saturday 10-Sep


Tuesday 30-Aug


Saturday 20-Aug


Thursday 18-Aug


Sunday 14-Aug


Thursday 04-Aug


Tuesday 02-Aug

?

Ads by Clickochet

G+ Public Posts

There was a problem reading this feed (see error.log for details).
?

G+

?

Facebook Page

RSS Feed

Richard's Digital Rag

Poll

How do you like to find out news about the internet and computers?

  •  Newspaper
  •  Radio
  •  TV
  •  Web Search
  •  Favourite Web Site(s)
  •  Pod Cast
  •  Video Online
  •  Email List(s)
  •  RSS - Syndication
  •  Word of mouth
This poll has 0 more questions.
Results
Other polls | 27 votes | 0 comments