Common menu bar links

Home > News Room > Speeches

Institutional links

Got Spam? Learn how to protect yourself Securing Personal Information: A Self-Assessment Tool for Organizations Privacy For Small Business Online Tool Privacy Quiz for businesses Research funded by the OPC Privacy Breach? Information for Organizations How to lodge a Privacy complaint

News Room

  • News

    Year
  • Speeches

    Year
  • Upcoming Events

Media Relations

Contact:
Anne-Marie Hayden
Tel: (613) 995-0103

Non-journalists are invited to contact our Information Centre. Please call
1-800-282-1376 (toll free) or (613) 947-1698 and ask to speak with an Information Officer.

Address:
112 Kent Street
Ottawa, ON
K1A 1H3
Fax: (613) 995-1139

Speeches

Understanding Social Media Privacy Risks to Enterprises

PDF Version

Remarks at the IAPP Canadian Privacy Summit

Toronto, Ontario
April 30, 2009

Address by Louisa Garib
Legal Services, Policy and Parliamentary Affairs

(Check against delivery)

Slide 2

“Social Media is a conversation”

  • Online content generated by users
  • Uses accessible technologies
  • Not organized
  • Not controlled
  • Many voices
  • Social dynamic
  • Mainstream — here to stay

Slide 3

Social Networking graphics

Slide 4

Features of Social Media that can give rise to Privacy Risks

  • Users misunderstand privacy risks
  • Intimacy and immediacy— promotes disclosures
  • Users underestimate scope of disclosures
  • Used for Work and for Fun — blurs line
  • Control once information is posted

Slide 5

How serious are the Risks to Enterprises?

  • Don’t know full extent of risk
  • Just beginning to understand technology, use by people, impact on privacy
  • Rapidly changing
  • Beginning to construct appropriate rules of engagement to understand and mitigate risks

Slide 6

What are the Risks of SM?

  • Illegal/unauthorized/inappropriate disclosure of personal or confidential information
  • The employment relationship — internal/discl.
  • Lack of policies, protocols, training, errors
  • Customer Relationship — external/collection
  • Malware, hacking - external/ breach

Consequences:

  • Liability under PIPEDA and other laws
  • Harm to corporate reputation

Slide 7

PIPEDA and Social Media

  • Collection, use and disclosure of personal information
  • Course of commercial activity
  • Employment relationship if FWUB
  • Notice, Consent, Reasonable purpose
  • BUT — other private or confidential information and situations not caught by privacy legislation
  • Still risks to enterprise — Best practices
  • PIPEDA minimum standard - guidance

Slide 8

Disclosures by Employees using SM

  • Personal or corporate SM
  • On or off duty — lines blurred
  • PI about other employees — examples
  • Unionized workplace — neg’n, elections
  • Human rights, harassment, defamation
  • Obscene materials, copyright
  • Clients / customers
  • Business partners
  • Confidential corporate information
  • Reputation and publicity

Slide 9

Collection, Use and Disclosure of Personal Information using SM

  • Recruitment and staffing
  • Monitoring
  • Investigations
  • Change day to day management of the employment relationship
  • Customers — service delivery, managing relationship, marketing information
  • Requests from law enforcement; litigation

Slide 10

How to manage risks?

  • Understand technology — aware of privacy implications for enterprise
  • Aware of information flows — in and out
  • Express policy guidelines on SM and handling PI; understandable; consequences of violation; disseminate widely - OPC Fact sheet
  • Use allowed in the workplace? Will it reduce risks? Create other issues?
  • Education — avoid privacy misunderstandings

Slide 11

Questions?

1-800-282-1376

www.priv.gc.ca



Date Modified: 2009-09-16
Return to Top of Page
Top of Page
Important Notices