Privacy: shhhh Don’t Tell Anyone!
by Sandra Fletcher
“I saw that picture of you on Facebook! It was hysterical!”, and of course, that statement is completely true – there is a photo (or two) of me on facebook that is completely, absolutely hysterical. But the fact that my co-worker (my facebook “friend”) can see it, opens that photo up to her friends and, by association their friends, and so on. I am not so sure that 10 years from now when I am the President of my own multi-million dollar company and running for mayor that this photo is something that I still want hanging around!
Privacy is often thought of as a way to keep people out of your personal business. In reality, privacy is the right of every person to relative anonymity and control of their own affairs. In fact, The Office of the Privacy Commissioner of Canada defines privacy as: “The right to control access to one’s person and information about oneself.”
Now, privacy isn’t about keeping secrets. There are legitimate reasons that we need to share information. In some cases, there are reasons that we want to share information. The idea of privacy is that it is your right to control when and with whom you share information.
All businesses should keep your information private and secure so that as a customer, you can trust that business. Good customer relations and the reputation that follows can be an important business asset. Or, just the opposite may be true. If you know a company doesn’t keep your information secure, shares without your permission or uses it incorrectly or without your consent, you are likely not going to put your trust in that company. A smart consumer values good business practices.
In Canada, the Personal Information Protection and Electronic Documents Act, or PIPEDA, protects your privacy. It is federal legislation that governs all private businesses and that sets out ground rules for the collection, use and disclosure of personal information.
What Does That Mean?
When you tell someone something private, PIPEDA restricts what can they use it for and who can they share that information with. Even with your consent, businesses have to limit collection, use and disclosure to what a “reasonable person” would consider appropriate. People have the right to see the personal information that an organization holds about them and correct any errors.
The Privacy Commissioner acts as an overseer of those rights covered in PIPEDA. And the act applies to anyone in Canada with the exception of British Columbia, Alberta and Quebec which have their own Privacy legislation.
When we look at consent to use your personal information there are two different ways of providing consent to an organization. Explicit consent is where you are asked and specifically say that they can use your information by signing a declaration, usually on a form and agree to the specified purposes that the information will be used and rules for sharing that information.
There is also implied consent where you voluntarily give information without signing anything. An example might be if you are answering survey questions over the telephone and provide information about your household, voluntarily, to the surveyor.
What Is Personal Information?
Personal information as defined by PIPEDA includes any factual or subjective information about an identifiable individual. That means that if your name is attached to information, identifying you, this information is protected:
- Age or Date of Birth
- ID Numbers (such as your Health Card or Social Insurance Numbers)
- Income, Credit and Financial records
- Ethnic Origin (where you are from or what religion you are)
- Blood Type and Medical Records
- Opinions/Evaluations/ Comments (for example, things you might put on a survey or on line comments and blogs)
- Social Status (this includes whether you are married or single, etc,)
- Employee Files
What Is Not Personal?
Any business information for an employee (such as title, business phone, business address, etc.) is not considered personal information but is information owned by your employer.
Also not personal is any information that has been published – this means in print or on the internet. This would include information such as your phone number or address that may be published in the phone book or in an on line directory such as Canada411.ca.
This also includes information that is considered “public domain”. If you’ve put the photo of yourself wearing a lampshade on your head, or posted your comments on politics or even put a video of your pets doing tricks on the internet and not protected them with any passwords or privacy settings, your postings are public domain. You no longer have control as to how, when or by whom this information is used.
How Do I Protect My Information?
Like I said before, privacy isn’t about keeping secrets. In some cases, you will need to give information to get information. A classic example of this is applying for a credit card.
When you apply for credit, you are essentially asking the bank to “invest” in your ability to repay money. Before they make an investment in you, they want to know that you are going to be able to repay the money. That’s why, on credit applications, you are asked to provide personal information including income, date of birth and social status (and sometimes more). The credit company will also ask for authorization to check your credit scores or contact your employer and this is usually explained on the form that you must sign (explicit consent).
However, if you are buying something on line, the company collecting your information doesn’t need to know quite as much about you. They need to, of course, know your address to deliver your purchase and your credit card number to pay for it. But, you shouldn’t have to provide your income, date of birth or any other personal information since it is not reasonable to complete the sale.
As a newcomer to Canada, you likely have been given a Social Insurance number. There are only three types of organizations where you should ever have to give out your SIN: the bank (where they may need to report income to the government for tax purposes), your employer (who definitely will need to report income) and the government (where they use your SIN as a personal identifier). Keep your SIN safe and confidential in order to minimize identity theft.
Lastly, let’s get back to Facebook and other social networking sites. It is highly recommended that you exercise your personal information control by using the site’s “privacy settings”. Each site has different “Terms and Conditions” of use and different privacy controls and for all of the different sites you use, you should know your rights and use your control. You never know when something you posted on line could return to bite you!