 |
|
| technology > computing |
![[CNN Money]](http://i.cnn.net/cnn/images/main/fn.logo.newsnet.gif){kind=logo}
![[SI.com]](http://i.cnn.net/cnn/images/main/si.logo.gif){kind=logo}
( | |
 |
|
| |
| |
EDITIONS: | |
MULTIMEDIA: | |
E-MAIL: |
Subscribe to one of our news e-mail lists. Enter your address: |
DISCUSSION: |
CNN WEB SITES: |
 |
TIME INC. SITES: |
CNN NETWORKS: |
|
SITE INFO: |
WEB SERVICES: |
Canadian privacy law may place burden on U.S. firms
|
(IDG) -- Next month, Canada will enact a law that offers sweeping privacy protections for its citizens. But the law may also create legal obligations and data management problems for potentially thousands of businesses that exchange data with firms and subsidiaries in Canada, the U.S.'s largest trading partner.
On Jan. 1, Canada's Personal Information Protection and Electronic Documents Act becomes law, requiring businesses to offer Canadian citizens certain guarantees regarding the collection and use of personal data. For example, they must get a customer's consent before sharing data with affiliates or commercial partners and must provide access to that data for review.
| ||||||||||||||
Initially, the law will apply only to certain federally regulated businesses in Canada: airlines, banks, telecommunications firms and broadcasting organizations. But by 2004, virtually every Canadian business will be affected - and consequently, so will a broader range of U.S. businesses.
"In some cases, [the law] is going to create some interesting nightmares" for companies, said Murray Long, a privacy consultant in Ottawa. Long cited the case of a Canadian affiliate that stores its data in U.S.-based servers.
"How do you ensure that the [privacy compliance] safeguards on the U.S. corporate network are up to par?" he said.
Contractual requirements
| MORE COMPUTING INTELLIGENCE |
IDG.net home page
|
| Computerworld's home page |
| Privacy concerns cool holiday spirit |
| Privacy-law push comes from all sides |
| Privacy costs |
| Reviews & in-depth info at IDG.net |
| E-BusinessWorld |
| TechInformer |
| Questions about computers? Let IDG.net's editors help you |
| Subscribe to IDG.net's free daily newsletter for IT leaders |
|
Search IDG.net in 12 languages |
| News Radio |
Fusion audio primers
|
|
Computerworld Minute
|
The Canadian law will likely force many U.S. companies that exchange personally identifiable information with Canadian firms and subsidiaries to have a contract that commits them to following Canada's law, say legal experts.
"A multinational company operating in Canada will have to have dozens and dozens of contracts with everybody who supplies them with any personal information, including their own subsidiaries," said David Aaron, a former official at the U.S. Department of Commerce who negotiated the European "safe harbor" agreement and is now an attorney at Dorsey & Whitney LLP in Washington.
And even though it may take three years before the law affects all U.S. firms doing business in Canada, the lack of a grandfather clause - which would have exempted data collected prior to the law's enactment - may force companies to begin seeking an individual's consent well before any deadline, legal experts noted.
If a company doesn't have the consent of the individual on the day the law takes effect, it won't be able to use that person's information, even if his data was collected years ago, said Brian C. Keith, an attorney at Borden Ladner Gervais LLP in Toronto.
Some companies, such as American Express Co. in New York, prepared long ago to adapt to the law. Amex already follows the Canadian Standards Association's model code on privacy, on which the act is based, said Sally Cowan, the company's chief privacy officer. As a result, she said, the law will have "no impact" on Amex.
Canadian privacy advocates maintain that the new privacy law will help businesses.
"Consumers are more and more asking about privacy policies, and I think that organizations that have good policies and procedures in place will be able to sort of turn [privacy compliance] to their advantage," said Heather Black, a legal advisor at the Office of the Privacy Commissioner of Canada in Ottawa.
RELATED STORIES:
FBI's 'Carnivore' does not invade privacy, review finds
November 22, 2000
Industry group: Security key to 'next generation' Web
November 8, 2000
Documents reveal plan to develop Carnivore
October 23, 2000
Congress won't take up Web privacy until 2001
October 5, 2000
Location information could invade wireless privacy
October 5, 2000
RELATED IDG.net STORIES:
Privacy legislation raises questions: Will Americans envy strong EU protections?
(Computerworld)
Privacy concerns cool holiday spirit
(InfoWorld)
'Safe harbor' deal takes effect, but adoption may be slow
(Computerworld)
Privacy costs
(IDC)
Online privacy law anticipated
(NW Fusion)
Privacy package unveiled for financial institutions
(InfoWorld)
Every click you make
(InfoWorld)
Privacy-law push comes from all sides
(Computerworld)
RELATED SITES:
Privacy Commissioner of Canada
Dorsey & Whitney LLP
Note: Pages will open in a new browser windowExternal sites are not endorsed by CNN Interactive.