PrivacyCampTO – Colin McKay

Liveblogged Julianna | 19 June 2010 | 3 Comments

Colin McKay – Privacy Commissioner’s office

  • was at another Privacy discussion yesterday with professionals and academics
  • hard to explain range of opinions and positions of people who are aware of Privacy issues
  • when you want a simple overview of privacy issues on something like Facebook, do you cover a narrow but quick overview?
  • Colin – Masters on intelligence collection, and not as tech savvy as others, but is a sucker for the latest toys
  • Colin discussing different computers he has used in the past
  • Colin (Director of Research) focuses on Education and Outreach for the Privacy Commissioner, learning about what Canadians think of privacy and how we use technology; distills information for Commissioner
  • moved from monitoring conferences in the background to participating and reading blogs and reviewing podcasts
  • Commissioner supports research/projects outside of their own work
  • Colin is able to support complaints through his own budget
  • Commissioner commissioned essays on deep packets, which got them prepared to handle some complaints that came up; setup a website regarding the technology for Canadians; posted essays on website on WordPress format to allow for feedback
  • Commissioner trying to be more open and conversational with their research –> assuming some risks because this is new for most governmental offices

Subjects on Commissioner’s radar

  • electronic health records: responsibility of some of the provincial commissioners with legislation; a different federal agency is looking at EHR certification – Privacy Commissioner is tracking this
  • national security aparatus vs corporations (law enforcement techniques and private companies; contracted law enforcement)
  • electronic health records & First Nations
  • info guide on Credit reports developed in Quebec
  • U of T – video surveillance and video analytics, notice for video surveillance
  • U of T digital wallets
  • pediatric bio banks
  • Ryerson – privacy protection as risk analysis in corporate practice
  • Ryerson – incorporating privacy into the smart grid
  • Ryerson – targeted ads

Privacy Commissioner – Toronto Office

  • Having only an office in Ottawa was becoming an issue
  • Toronto office considered a regional presence
  • Setting up an office in Toronto – focuses on PEPIDA (mostly coming from banking & insurance companies in Toronto)
  • hiring a few investigators and someone with a background in policy and outreach
  • have a building in mind
  • want to have the office ready for the fall
  • news release


How do you deal with moving targets like Facebook?

  • compliance process – ongoing dialog with the company; public stance from Commissioner is muted to keep the dialog open and ongoing
  • investigations based on the complaints received, while companies change their policies ongoing
  • there are individual investigators and others looking at overall issues related to an industry
  • process for enforcing privacy on tools is long – research, report, request commitment, take to court if no compliance

Assuming changes to PEPIDA go through, what will happen to breach notificaton from companies (e.g. compnaies saying “we didn’t think that was an issue”)

  • lot of debate on where the line in the sand is for when notification is given on privacy breach
  • will be a mix of awareness and trial and error
  • discussions happening with companies on where that line should be
  • Commissioner’s office encouraging discussions with organizations/companies when a breach does occur
  • challenge is dealing with medium and small sized organizations because they don’t have staff to handle these issues
  • many companies are already working with privacy breach notifications in some jurisdictions and apply them to all jurisdictions

e-Health – perception that the Commissioners office hasn’t championed privacy rights of Canadians. Office has been mostly silent on this.

  • provincial commissioners & federal commissioners for privacy + health policy offices
  • federal level looking at certification model
  • argument is that the model itself is fundamentally flawed

PIPEDA and privacy of Canadians re commerce

  • some advocates feel PIPEDA is too lenient
  • PIPEDA also needs to take companies interests into consideration
  • people need to have broad range of privacy

CRTC has become so archaic, but how can Privacy law/legislation keep current and avoid becoming archaic?

  • need to constantly monitor market and make changes
  • constantly working on tweaks and amendments
  • Privacy legislation requires an overhaul, and Commissioner is aware of this
  • Commissioner working with other privacy offices/commissioners

Regional office in Toronto being headed up by someone who used to work with a bank – is this too cozy?

  • opportunity to pull someone with expertise in both industry and policy
  • acknowledge that Commissioner will need to align the staff’s interests with the office

Does the Commissioner’s office interact with the PMO regarding communications issues?

  • spoke with PCO office once since he’s been working for the Commissioner
  • receive no direct instruction from PCO on communications of privacy issues
  • requests sign-offs
  • Commissioner accountability – appeared before Parliament 24 times last year; also appear before Senate and National Security committees
PIPEDA – does it need to be stronger? how do we enforce it?
  • normal process of investigation is initiated by individual complaints
  • organization & core processes being rebuilt
  • Another PIPEDA review starting next year
  • conversations happening with legal scholars

How can the Privacy Commissioner keep up with complaints?

  • recently just took care of backlog of requests
  • conducts and commissions research to support complaint investigations

3 Responses on “PrivacyCampTO – Colin McKay”

  1. Colin McKay says:

    Hi Julianna. Thanks for the liveblog. A few corrections, if you don’t mind:

    -EHRs are still the responsibility of some of the provincial commissioners with legislation
    - a different federal agency is looking at EHR certification – we are tracking this
    - about the observations on our dealings with the central agencies – it’s PCO, not PMO. PCO is the touch point for the public service.
    - my group conducts and commissions research to support complaint investigations – we don’t support complaints themselves.

    Thanks for a great session.

  2. Julianna says:

    Hi, Colin.

    I think I caught everything. I tried to strikethrough the old text, but WordPress is a little buggy.

    Thanks for taking the time to give us insight into the Privacy Commissioner’s office!



  1. [...] Colin McKay – Opening Discussion – The Office of the Privacy Commissioner of Canada [...]

Leave a Reply

You must be logged in to post a comment.