
New Privacy Bill Proposed in Canada: Highlights Need for Organizations to Implement Global Data Protection Activities

David T.S. Fraser has a great blog covering information privacy in Canada, The Canadian Privacy Law Blog.  He just posted the proposed Bill 16, the Personal Information International Disclosure Protection Act, that was introduced in the Nova Scotia legislature last week.

Just one of the interesting passages within:

"5(1)  A public body shall ensure that personal information in its custody or under its control is stored only in Canada and accessed only in Canada, unless
           (a)  where the individual the information is about has identified the information and has consented, in the manner prescribed by the regulations to it being stored in or accessed from, as the case may be, outside Canada;
           (b)  where it is stored in or accessed from outside Canada for the purpose of disclosure allowed under this Act; or
           (c)  the head of the public body has allowed storage or access outside Canada pursuant to subsection (2).

       (2)  The head of a public body may allow storage or access outside Canada of personal information in its custody or under its control, subject to any restrictions or conditions the head considers advisable, if the head considers the storage or access is to meet the necessary requirements of the public body's operation."

The proposed bill is 11 pages long, and there is much, much more.  However, this passage gives you a good indication of how this *proposed* bill incorporates more and more of the OECD privacy principles and aligns more closely with requirements such as those found within the EU Data Protection Directive than existing laws, such as Canada's PIPEDA, do.

In the past few years it seems most U.S. organizations, with regard to international data protection activities, have been primarily concerned with data protection issues within their EU offices and for their EU customers.  This proposed Canadian bill is likely to be a bellwether for more, similar bills in other countries.  It is a good reason for organizations everywhere to start thinking more globally, and in a more unified manner, about how they handle the personal information they collect.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.