This slide show was part of a presentation by mark Hayes at the 2011 Canadian Bar Association Annual Meeting in Halifax, Nova Scotia on August 16, 2011.
This describes the functions of a Notary. This is from a lecture in Conveyancing conducted for the final year students of the Sri Lanka Law College in 2007
Explores:
1. Introduction to Privacy Regimes in the United States and Abroad
2. Mobile Applications and Devices
3. Lawful Collection and Use of “Big Data”
4. International Privacy and Cross-Border Data Transfers
5. Data Security Requirements and Data Breach Response
6. IT Outsourcing and the Cloud
7. Recent Developments and Emerging Issues
Have you ever felt confused by HIPAA’s complex regulations? Even if you are well versed in the laws, there are still many headache inducing intricacies. In this webinar, an experienced HIPAA auditor will highlight the basics of HIPAA, its regulations, what you need to know about it, and how it may affect you, especially with a new wave of HHS audits looming. The webinar is designed for HIPAA novices and experts alike, and all questions are encouraged in this interactive session.
Confidentiality can be defined as the
ethical principle or legal right that a
physician or other health professional will
hold secret all information relating to a
patient, unless the patient gives consent
permitting disclosure.
This describes the functions of a Notary. This is from a lecture in Conveyancing conducted for the final year students of the Sri Lanka Law College in 2007
Explores:
1. Introduction to Privacy Regimes in the United States and Abroad
2. Mobile Applications and Devices
3. Lawful Collection and Use of “Big Data”
4. International Privacy and Cross-Border Data Transfers
5. Data Security Requirements and Data Breach Response
6. IT Outsourcing and the Cloud
7. Recent Developments and Emerging Issues
Have you ever felt confused by HIPAA’s complex regulations? Even if you are well versed in the laws, there are still many headache inducing intricacies. In this webinar, an experienced HIPAA auditor will highlight the basics of HIPAA, its regulations, what you need to know about it, and how it may affect you, especially with a new wave of HHS audits looming. The webinar is designed for HIPAA novices and experts alike, and all questions are encouraged in this interactive session.
Confidentiality can be defined as the
ethical principle or legal right that a
physician or other health professional will
hold secret all information relating to a
patient, unless the patient gives consent
permitting disclosure.
A training powerpoint presentation for employees in patient confidentiality as a follow up on multiple breaches of confidentiality and privacy of protected health information of celebrities in a hospital setting.
Workplace strategies for protecting confidential and proprietary propertyNow Dentons
Workplace strategies for protecting confidential and proprietary property. Includes: Tracking and other IT surveillance tools, Telework/remote systems access policies and practices, Employee use of YOUR Information Technology Resources, Social Media, The Law, or ‘Getting “Dooced”’, etc.
This is a slideshow explaining the importance of protecting patient privacy and confidentiality. This slideshow is for education and training purposes only.
Protection of Personal Information Bill (POPI)Robert MacLean
A short presentation that focuses on the proposed POPI law, how it impacts businesses, technology, IT depts & the cloud. It was based on a draft so some aspects may have changed.
Internal Investigations and Employee PrivacyDan Michaluk
A presentation to fraud investigators on managing privacy issues in investigations. Focus is on bridging the divide between legal and privacy officers and investigators.
Privacy rules matter—make sure your firm stays compliant.
While every lawyer knows the basic rules behind confidentiality and attorney-client privilege, the significance of privacy law is less well-known—and that lack of knowledge can impact your law firm. Emerging privacy rights and rights of action are impacting businesses of all types—including those in the legal profession. Local, national, and even international laws are making privacy the next frontier in data management for lawyers.
Are you prepared to adjust to the new demands of privacy for law firms, and move beyond confidentiality?
Join Joshua Lenon—an IAPP Certified Information Privacy Professional and Clio’s Lawyer in Residence and Data Protection Officer—as he explains how these privacy laws can impact law firms and what your firm should do to ensure compliance.
In this free 1-hour CLE-eligible webinar, you’ll learn:
Why law firm data must conform with emerging privacy regulations
The impact of clients’ compliance with privacy law on firm operations
Future privacy laws that may affect your law firm—no matter where you operate
https://www.clio.com/events/webinar-law-firm-privacy/
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Diana Maier
No matter what kind of law practice you have, you need to comply with privacy laws generally and lawyers' ethical duties with respect to privacy, specifically. In this presentation, legal ethics counsel Sarah Banola (Cooper, White and Cooper, LLP) and employment and privacy attorney Diana Maier (Law Offices of Diana Maier) deliver a primer on privacy law and teach you the key areas of privacy law and associated ethical obligations.
Texas Privacy Laws - Tough New ChangesJim Brashear
Overview of principal Texas privacy laws and amendments that became effective September 1, 2012. Some say the new Texas law is tougher than federal HIPAA laws.
Privacy Breaches - The Private Sector Perspectivecanadianlawyer
Discusses issues that arise in organizations when faced with a privacy breach. Compares attitude and approach of organizations with those of privacy regulators.
Leveraging Jurisdictional Differences in Copyright Litigationcanadianlawyer
Discussion of differences between copyright law in Canada and the United States and when plainitff should consider parallel actions to encourage settlement.
Leveraging Jurisdictional Differences in Copyright Litigation
Privacy, Privilege And Confidentiality For Lawyers
1. Privacy, Privilege, Confidentiality and Ethics Canadian Bar Association Annual Meeting, Halifax, August, 2011 Mark Hayes, Hayes eLaw LLP, Toronto
2. Privacy, Privilege and Confidentiality 3 distinct and overlapping concepts Often confused with each other Important for lawyers to understand different types of obligations
3. General Concepts Privilege Legal right that applies in specific circumstances (e.g. solicitor/client & litigation privilege) Confidentiality Legal duty to hold in strict confidence and not disclose any kind of information that are subject to such duty, not just personal information Privacy Body of statute law governing collection, use and disclosure of personal information
4. Control Confidentiality Controlled by client; can be waived (intentionally or otherwise) Privilege Controlled by client; can be waived (intentionally or otherwise) Privacy Controlled by individual in question; consent or exception to consent requirement General reasonableness requirement
5. Confidentiality Source: primarily common law and professional regulations (e.g. Rules of Professional Conduct) Broad in scope – Ont. RPC s. 2.03 – “all information concerning the business and affairs of the client acquired in the course of the professional relationship” Waiver of duty of confidentiality & solicitor/client privilege: Harish v. Stamp, R. v. Hobbs, Osiris Inc. V. 1444707 Ontario Ltd. Waiver of confidentiality does not necessarily waive privilege (if one applies)
6. Privilege Source: primarily common law Salosky(SCC): "fundamental civil and legal right” Emerges from the duty of confidentiality inherent in solicitor/client relationship Sometimes permanent (e.g. solicitor/client privilege) or limited by existence of specific circumstances (e.g. litigation privilege only pending litigation) Statutory limitations must be clearly and expressly provided by (Blood Tribe Dept of Health v. Canada) Waiver of privilege may not affect confidentiality
7. Privacy Primarily statutory Must obtain informed consent for collection, use or disclosure of personal information by an organization in the course of its commercial activities In addition to consent requirement, collection, use or disclosure of PI must be reasonable Only collect as much information as is required Publicly available personal information is not exempt from consent requirement
8. Privacy Application: any organization engaged in commercial activity Includes lawyers, unless acting as agent for individual in personal capacity (Ferenczy) This conclusion not accepted by Privacy Commissioner Various administrative requirements Provide access to or correct PI in possession on request Keep PI secure Retain PI only for long as is required
9. Consent Exemptions For lawyers, exemptions from consent requirement are critical Some important ones: Required by law Investigations of breach of statute or contract Private purposes (if acting for individual) Provincial privacy laws in BC and Alberta have additional exemptions
10. Cases on Lawyers and Privacy Can’t disclose PI pursuant to summons issued by an individual without jurisdiction to compel production (i.e. other lawyer) - PIPEDA Case Summary #2009-005 Consent not required to disclose personal information in response to writ of seizure issued by court - PIPEDA Case summary #2003-174 Law firms cannot collect credit reports without consent: PIPEDA Case Summary #2006-340 Solicitor’s lien insufficient grounds to deny access to personal information - Settled case summary #30 (2007) Not reasonable to use individual’s SIN for general identification purposes – limited to payroll and income tax purposes - PIPEDA Case summary #2002-69
11. Overlaps Personal information subject to privilege Client information subject to privilege Personal information that is confidential
12. Obligations Different But Consistent For the most part, all of privacy, privilege and confidentiality consistent in requiring: Access to information be limited Appropriate security steps be taken Major difference Privilege and confidentiality controlled by client (who can waive rights) Privacy controlled by legislation and consent of individual concerned - client cannot validly instruct lawyer to breach privacy
13. Privacy and Privilege Privacy statutes: individual must be given access to PI Many examples of litigants requesting access from lawyers What if PI is privileged? PIPEDA s. 9(3) excludes access obligation if “information is protected by solicitor-client privilege” But what about other privileges? PIPEDA Case Summary #2008-397: also applies to litigation privilege; liberal interpretation PIPEDA Case Summary #2010-001: court procedures more appropriate to deal with allegation that documents improperly withheld as privileged
14. Privacy and Confidentiality Confidentiality obligation subject to certain exemptions E.g. Ont. RPC s. 2.03: may disclose confidential information “where a lawyer believes upon reasonable grounds that there is an imminent risk to an identifiable person or group of death or serious bodily harm, including serious psychological harm that substantially interferes with health or well-being…” Privacy laws don’t contain exact same exemption PIPEDA s. 7(3)(e): “made to a person who needs the information because of an emergency that threatens the life, health or security of an individual” Must inform individual in writing without delay
15. Builders Energy Services Ltd. Alberta IPC Investigation Report P2005-IR-005 Lawyer acting for acquirer of company posted employee personal information on SEDAR, where it was publicly available While case concentrated on whether disclosure of PI was reasonably necessary, clear that lawyer had not considered whether this PI was subject to privacy regime Similar considerations often arise in litigation
16. Technology and Privacy Risks Service providers Storage devices (servers, hard drives, sticks) Laptops Blackberries and smartphones “Cloud computing”
17. Managing Technology Risks Mitigate highest and most immediate risks Inventory personal data maintained by the firm Employee training and management Conduct risk assessment: Information systems design and information processing, storage, transmission and disposal Responding to and preventing attacks, intrusions and systems failures Fix vulnerabilities identified through risk assessment Continually evaluate and adjust information security program
18. Data Retention Policies Privacy laws require lawyer to retain PI for only as long as required for disclosed purposes Ethical obligations require retention of client files until client releases you and all regulatory and liability issues have passed Finding correct balance between hanging on too long and destroying too quickly is tricky, especially since appropriate retention periods may be different depending on nature of data
19. Summary Privacy issues have significant impacts in many practice areas: Family Civil and criminal litigation Real estate Estates Employment law Even in practices where PI of third parties is not critical, have to worry about employee privacy
20. Summary Think about PI issues whenever you handle PI about individuals who are not your clients Know your obligations Know the relevant exceptions you can use to your advantage and in your clients’ interest Privacy obligations are constantly changing Keep informed; PCC and provincial sites, blogs Talk to the experts
21. Thank You! For a copy of these slides, email me at mark@hayeselaw.com