Language selection


Understanding Social Media Privacy Risks to Enterprises

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Remarks at the IAPP Canadian Privacy Summit

Toronto, Ontario
April 30, 2009

Address by Louisa Garib
Legal Services, Policy and Parliamentary Affairs

(Check against delivery)

Slide 2

“Social Media is a conversation”

  • Online content generated by users
  • Uses accessible technologies
  • Not organized
  • Not controlled
  • Many voices
  • Social dynamic
  • Mainstream — here to stay

Slide 3

Social Networking graphics

Slide 4

Features of Social Media that can give rise to Privacy Risks

  • Users misunderstand privacy risks
  • Intimacy and immediacy— promotes disclosures
  • Users underestimate scope of disclosures
  • Used for Work and for Fun — blurs line
  • Control once information is posted

Slide 5

How serious are the Risks to Enterprises?

  • Don’t know full extent of risk
  • Just beginning to understand technology, use by people, impact on privacy
  • Rapidly changing
  • Beginning to construct appropriate rules of engagement to understand and mitigate risks

Slide 6

What are the Risks of SM?

  • Illegal/unauthorized/inappropriate disclosure of personal or confidential information
  • The employment relationship — internal/discl.
  • Lack of policies, protocols, training, errors
  • Customer Relationship — external/collection
  • Malware, hacking - external/ breach


  • Liability under PIPEDA and other laws
  • Harm to corporate reputation

Slide 7

PIPEDA and Social Media

  • Collection, use and disclosure of personal information
  • Course of commercial activity
  • Employment relationship if FWUB
  • Notice, Consent, Reasonable purpose
  • BUT — other private or confidential information and situations not caught by privacy legislation
  • Still risks to enterprise — Best practices
  • PIPEDA minimum standard - guidance

Slide 8

Disclosures by Employees using SM

  • Personal or corporate SM
  • On or off duty — lines blurred
  • PI about other employees — examples
  • Unionized workplace — neg’n, elections
  • Human rights, harassment, defamation
  • Obscene materials, copyright
  • Clients / customers
  • Business partners
  • Confidential corporate information
  • Reputation and publicity

Slide 9

Collection, Use and Disclosure of Personal Information using SM

  • Recruitment and staffing
  • Monitoring
  • Investigations
  • Change day to day management of the employment relationship
  • Customers — service delivery, managing relationship, marketing information
  • Requests from law enforcement; litigation

Slide 10

How to manage risks?

  • Understand technology — aware of privacy implications for enterprise
  • Aware of information flows — in and out
  • Express policy guidelines on SM and handling PI; understandable; consequences of violation; disseminate widely - OPC Fact sheet
  • Use allowed in the workplace? Will it reduce risks? Create other issues?
  • Education — avoid privacy misunderstandings

Slide 11



Alternate versions

Report a problem or mistake on this page
Error 1: No selection was made. You must choose at least 1 answer.
Please select all that apply (required):


Date modified: