Skip to main content
You are here: News

News

The following news feed provides an overview of the current activities and news from APPA members.

The articles on this page are updated regularly from members’ news and media pages. If you have any questions or concerns about the content contained in the articles, please contact the respective member. You can locate members’ details underneath each article or on our Contact us page.

Array

Statement from BC Information and Privacy Commissioner on report to the House of Commons recommending changes to federal privacy legislation

On June 19, the Parliamentary Standing Committee on Access to Information, Privacy and Ethics released a report entitled Addressing Digital Privacy Vulnerabilities and Potential Threats to Canada’s Democratic Electoral Process. The report was issued as part of the Committee’s work studying the privacy breach involving Cambridge Analytica and Facebook.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
22 Jun 2018, 6:00am AEST

FTC Announces Hearings On Competition and Consumer Protection in the 21st Century

The Federal Trade Commission today announced that the agency will hold a series of public hearings on whether broad-based changes in the economy, evolving business practices, new technologies, or international developments might require adjustments to competition and consumer protection enforcement law, enforcement priorities, and policy. The multi-day, multi-part hearings, which will take place this fall and winter, will be similar in form and structure to the FTC’s 1995 “Global Competition and Innovation Hearings” under the leadership of then-Chairman Robert Pitofsky. 

“The FTC has always been committed to self-examination and critical thinking, to ensure that our enforcement and policy efforts keep pace with changes in the economy,” FTC Chairman Joe Simons commented today. “When the FTC periodically engages in serious reflection and evaluation, we are better able to promote competition and innovation, protect consumers, and shape the law, so that free markets continue to thrive.”

The hearings and public comment process will provide opportunities for FTC staff and leadership to listen to interested persons and outside experts representing a broad and diverse range of viewpoints. Additionally, the hearings will stimulate thoughtful internal and external evaluation of the FTC’s near- and long-term law enforcement and policy agenda. The hearings may identify areas for enforcement and policy guidance, including improvements to the agency’s investigation and law enforcement processes, as well as areas that warrant additional study.

In advance of these hearings, public comments on any of the following topics may be submitted to the FTC: 

  1. The state of antitrust and consumer protection law and enforcement, and their development, since the Pitofsky hearings;
  2. Competition and consumer protection issues in communication, information, and media technology networks;
  3. The identification and measurement of market power and entry barriers, and the evaluation of collusive, exclusionary, or predatory conduct or conduct that violates the consumer protection statutes enforced by the FTC, in markets featuring “platform” businesses;
  4. The intersection between privacy, big data, and competition;
  5. The Commission’s remedial authority to deter unfair and deceptive conduct in privacy and data security matters;
  6. Evaluating the competitive effects of corporate acquisitions and mergers;
  7. Evidence and analysis of monopsony power, including but not limited to, in labor markets;
  8. The role of intellectual property and competition policy in promoting innovation; 
  9. The consumer welfare implications associated with the use of algorithmic decision tools, artificial intelligence, and predictive analytics;
  10. The interpretation and harmonization of state and federal statutes and regulations that prohibit unfair and deceptive acts and practices; and
  11. The agency’s investigation, enforcement, and remedial processes.

The Commission will invite public comment in stages throughout the term of the hearings.

  • Through August 20, 2018, the Commission will accept public comment on the topics identified in the announcement. Each topic description includes issues of particular interest to the Commission, but comments need not be restricted to these subjects.
  • Additionally, the Commission will invite comments on the topic of each hearing session. The FTC will issue a news release before each session to inform the public of the agenda, the date and location, and instructions on submitting comment.
  • The Commission will also invite public comment upon completion of the entire series of hearings.

Public comments may address one or more of the above topics generally, or may address them with respect to a specific industry, such as the health care, high-tech, or energy industries.  Any additional topics for comment will be identified in later notices.

The hearings will begin in September 2018 and are expected to continue through January 2019, and will consist of 15 to 20 public sessions. All hearings will be webcast, transcribed, and placed on the public record. A dedicated website for information about the hearings including the schedule as it evolves can be found at www.ftc.gov/ftc-hearings.

Public Comments:  Interested parties are invited to submit written comments on the topics listed above to the FTC, either electronically at www.ftc.gov/ftc-hearings or in paper form. FTC staff may use these comments in any subsequent reports or policy papers.  Comments should refer to “Competition and Consumer Protection in the 21st Century Hearings, Project Number P181201.” If an interested party wishes to comment on multiple topics, we encourage filing a separate comment for each topic. If an interested party wishes to make general comments about the hearings, we encourage filing a comment in response to Topic 1. For this stage of the public comment process, comments will be accepted until August 20, 2018.

If you prefer to file a comment in hard copy, write ‘‘Competition and Consumer Protection in the 21st Century Hearing, Project Number P181201,” on your comment and on the envelope and mail your comment to the following address: Federal Trade Commission, Office of the Secretary, 600 Pennsylvania Avenue NW., Suite CC–5610 (Annex C), Washington, DC 20580, or deliver your comment to the following address: Federal Trade Commission, Office of the Secretary, Constitution Center, 400 7th Street SW., 5th Floor, Suite 5610 (Annex C), Washington, DC 20024.

The FTC Act and other laws that the Commission administers permit the collection of public comments. More information, including routine uses permitted by the Privacy Act, may be found in the FTC’s privacy policy, available at ftc.gov/site-information/privacy-policy.

For Further Information Contact:  Derek Moore, Office of Policy Planning, 202-326-3367, John Dubiansky, Office of Policy Planning, 202-326-2182 or email us at CCPhearings@ftc.gov.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
20 Jun 2018, 10:00pm AEST

FTC Approves Alimentation Couche-Tard Inc.’s Application for Sale of a Third Retail Fuel Station in Alabama

The Federal Trade Commission has approved an application by Alimentation Couche-Tard Inc., or ACT, to divest the last of the three Alabama retail fuel stations that ACT is required to divest under the FTC’s Jan. 5, 2018, order. The order settles charges that ACT’s acquisition of competitor Jet-Pep, Inc. would violate federal antitrust law.

ACT will sell the fuel station, which is located in Valley, Alabama, to PPBB, LLC. PPBB is an acceptable buyer. PPBB is a new entrant and PPBB’s owner has substantial business experience in operating a retail fuel station.

On June 8, 2018, the FTC approved the divestiture of two retail fuel stations, in Brewton and Monroeville, Alabama to Marketplace Development LLC.  

The Commission vote to approve the application was 5-0. (FTC File No. 1710207; the staff contact is Elizabeth Piotrowski, Bureau of Competition, 202-326-2623.)

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about how competition benefits consumers or file an antitrust complaint. Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
19 Jun 2018, 10:00pm AEST

Kim Dotcom v Crown Law Office

In a recent decision, the Human Rights Review Tribunal had to decide whether the transfer of Kim Dotcom’s requests for personal information to the Attorney-General was permitted under section 39 of the Privacy Act and, if it was, whether there was a proper basis for the subsequent refusal of the requests.

In July 2015, Mr Dotcom requested all personal information about him (including information in his previous names) from nearly every government department. Nearly all the Crown agencies transferred their requests to the Attorney General. Mr Dotcom’s requests were refused under section 29(i)(j) of the Privacy Act on the basis that they were vexatious and, due to their broad scope, included information that was trivial.

Transfer of requests

The Crown argued that the Attorney-General was best placed to deal with the information requests in the context of ongoing litigation. However, in hearing the case, the Tribunal considered that section 39(b)(ii) did not allow information privacy requests to be transferred in the context of the Crown’s overall litigation strategy. It determined that the information in question was not more closely connected to the functions or activities of the Attorney-General.

The Tribunal referred to the October 2014 High Court decision Dotcom v USA, where Justice France noted that Mr Dotcom should seek his personal information from the relevant agencies rather than the extradition court.

Whether the requests were vexatious

In the Crown’s view, Mr Dotcom’s requests were intended to disrupt the extradition hearing. However, the Tribunal found Mr Dotcom to be a credible witness and rejected the idea that there was an ulterior purpose to his request.

The Tribunal found that s 29(i)(j) must be applied with caution, particularly when higher courts have directed Mr Dotcom to use the Privacy Act to seek his personal information.

The Tribunal noted that agencies are not well placed to determine whether a request is vexatious as they are not aware of the personal circumstances of the requester. In its view, it must be manifestly clear that the request is vexatious or the information requested is trivial.

Remedies

The remedies were:

  • A declaration that there was an interference with Mr Dotcom’s privacy in transferring the requests to the Attorney-General and in refusing the requests on the grounds that they were vexatious.
  • An order that the Crown agencies comply with Mr Dotcom’s requests from July 2015 subject to the Privacy Act.

Damages

1. Loss of a benefit

The Tribunal awarded Mr Dotcom $30,000 for loss of a benefit relating to his requests for personal information to multiple agencies in the context of his extradition litigation.

The Tribunal referred to Proceedings Commissioner v Health Waikato where the High Court took a serious view of a refusal to provide personal information in the context of litigation. It found that Mr Dotcom’s case was exceptional because he correctly believes that a wide range of government agencies have personal information about him and at least one agency (GCSB) has previously unlawfully collected information about him.

2. Loss of dignity or injury to feelings

The damages awarded for loss of dignity, or injury to feelings was $60,000.

The Tribunal accepted that Mr Dotcom had “clearly and unambiguously” established loss of dignity and injury to feelings, as defined in Hammond v Credit Union Baywide. It stated that anxiety and stress can amount to injury to feelings and this can be assumed or inferred.

The Tribunal considered Mr Dotcom’s loss of dignity and injury to feelings was substantial and noted the unfounded stigmatisation of his requests as vexatious and not genuine.

A more detailed summary of the decision on our website can be read here.

Image credit: Painted finch via John J Audubon's Birds of America

Office of the Privacy Commissioner, New Zealand
Source: Blog
19 Jun 2018, 9:28am AEST

FTC, BBB, and Law Enforcement Partners Announce Results of Operation Main Street: Stopping Small Business Scams Law Enforcement and Education Initiative

Today, the Federal Trade Commission, jointly with the offices of eight state Attorneys General, the New York Division of the U.S. Postal Inspection Service, two U.S. Attorneys’ Offices and the Better Business Bureau (BBB), announced the results of Operation Main Street: Stopping Small Business Scams, a law enforcement initiative targeting operations seeking to defraud small businesses, and an education outreach effort to help small businesses protect themselves from fraud.

Operation Main Street - Stopping Small Business Scams (24 Law enforcement actions nationwide; 12 Partners in law enforcement, including the FTC, brought these federal and state actions; 6+ Types of scams - including unordered merchandise, business directories, fake invoices, and imposters - collected more than $290 million from businesses in these cases) - Go to ftc.gov/smallbusiness.The agencies are announcing a total of 24 actions involving defendants who allegedly perpetrated scams against small businesses, including one new FTC case, three other FTC actions from the past six months, two criminal actions announced by U.S. Attorneys’ Offices and 18 actions by state AGs over the past year.

The BBB is announcing a new research report on small business scams that provides substantial new insights into how fraud affects small businesses. In addition, the FTC and the BBB are pleased to announce new business education materials, designed to help small business owners and their employees avoid, identify and report scams.

“Millions of U.S. consumers either own or work at small businesses nationwide, and the FTC is happy to join with our law enforcement partners and the BBB to help stop scams and spread the word about how they can identify and avoid scams targeting their livelihood,” said Chairman Joe Simons. “A top FTC priority is to stem the tide of fraud against small businesses.”

“Scams are a significant – and growing – problem for small businesses,” said Beverly Baskin, President and CEO, Council of Better Business Bureaus. “Nearly two thirds of those we surveyed said their business had been targeted by a scammer in the past three years, and many said that their businesses suffered a loss of consumer trust as a result. BBB is pleased to partner with the FTC to help small businesses spot and avoid scams and fraud.”

“The role of the state attorney general is not to second guess lawful business decisions. But when someone scams or defrauds a business, they should be held accountable. In doing so, we create an environment where all legitimate business owners can thrive,” said Arizona Attorney General Mark Brnovich.

FTC’s New Enforcement Action

Today, the FTC announced the following new case as part of Operation Main Street:

In Premium Business Pages, the FTC charged nine individual and corporate defendants based in Canada and the United States with operating a common enterprise that, since at least 2013, has made unsolicited calls to small businesses and other organizations to induce them to pay for unordered Internet directory listings, search engine optimization services or website design and hosting services. The defendants allegedly targeted consumers using various different business names, including Premium Business Pages, Ameteck Group, The Local Business Pages and Data Net Technologies.

According to the FTC, when contacting consumers for the first time, the defendants claim to be calling to collect on a past-due invoice for one of the defendants’ services. In reality, the consumers – who are often small businesses – never ordered or agreed to buy anything from the defendants and were not previously sent an invoice. In many cases, the defendants’ telemarketers threaten that if the invoice is not paid promptly, the consumers’ accounts will be turned over to “collections” or will be “red flagged.” Some consumers are also told that their credit will be negatively affected.

The complaint alleges that to induce consumers to pay immediately, the defendants’ telemarketers sometimes offer “discounts” on the supposedly outstanding amount, or offer to “waive” additional fees and costs. If consumers accept and agree to pay the lower amount, they are told they must pay promptly, usually within 24 hours. In many cases, even after receiving fake invoices, consumers refuse to pay. The defendants then take additional steps to coerce them into paying, including by making repeated calls demanding payment.

The FTC alleges that in some cases, even after a consumer has paid money they did not owe, the defendants call back weeks later, sometimes claiming to be a different company demanding payment for other “outstanding invoices,” or claiming that the consumer’s first payment was only the first installment. As a result, many consumers have paid hundreds or even thousands of dollars for services they never ordered and did not want.

The Commission vote approving the complaint against Premium Business Pages was 5-0. The complaint was filed in the U.S. District Court for the Northern District of Illinois, Eastern Division on June 13, 2018, and the judge has granted the FTC’s request for a temporary restraining order against the defendants.

The FTC acknowledges the assistance of the Canada Competition Bureau in the case against Premium Business Pages, as well as the Better Business Bureau of Louisville, Western Kentucky & Southern Indiana, the Better Business Bureau of Los Angeles and Silicon Valley, and the Better Business Bureau of Chicago and Northern Illinois.

Recent FTC Enforcement Actions

The FTC recently announced three additional actions that are part of Operation Main Street:

  • PointBreak Media, filed in May 2018, in which the FTC charged a Florida-based scheme with deceiving small business owners by robocalling small businesses claiming to represent Google, falsely threatening them with removal from Google search results, and falsely promising first-place or first-page placement in Google search results.
  • DOT Authority, settled in March 2018, in which the operators of a registration service for motor carriers settled FTC charges that they impersonated, or falsely claimed affiliation with, the U.S. Department of Transportation and other government agencies to get small trucking businesses to pay them for federal and state motor carrier registrations. In connection with the settlement, the defendants agreed to injunctive relief and paid $900,000, which will be used to fund consumer redress.
  • A-1 Janitorial, announced in November 2017, in which at the FTC’s request, a federal court temporarily halted a New York-based office supply scheme that charged small businesses and non-profit organizations millions of dollars for “free” samples of cleaning and other products.

State and Criminal Enforcement Actions

Through 18 actions announced today, eight state Attorneys General, two U.S. Attorneys’ Offices, and the U.S. Postal Inspection Service, New York Division, contributed to the success of Operation Main Street. The FTC has a long history of working with other law enforcers at all levels of government on appropriate cases.

The cases brought by state and other criminal enforcers as part of Operation Main Street targeted a wide range of allegedly deceptive activities against small businesses, including, among others:

  • unordered merchandise scams, in which the defendants try to charge consumers for toner, light bulbs, cleaner and other office supplies they never ordered;
  • imposter scams, in which the defendants use deceptive tactics, such as claiming an affiliation with a government or private entity, to trick consumers into paying for corporate materials, filings, registrations, or fees;
  • scams involving unsolicited faxes or robocalls offering business loans and vacation packages; and
  • scams involving fake invoices sent to small businesses, in which the defendants try to coerce the companies into paying for products they never received.

BBB’s Small Business Scams Research Report

Also today, the BBB issued its “Scams and Your Small Business Research Report.” The report, which is available on the BBB’s website and in hard copy, is designed to educate and empower small businesses to speak up and report fraud, enabling the BBB to expand its knowledge of how scams uniquely impact these consumers.

The report is based on results from a new survey that was conducted in March 2018 by six local BBBs. It contains information from approximately 1,200 small businesses nationwide.

Key results include:

  • 67 percent of the respondents surveyed believe there is a growing risk of scammers targeting small businesses, with only three percent believing that the risk has decreased over the past three years.
  • The top five scams identified as putting small businesses at risk are: 1) bank/credit card company imposters; 2) directory listing and advertising services; 3) fake invoices/supplier bills; 4) fake checks; and 5) tech support scams.
  • 38 percent of respondents believe that hearing generally about a particular type of scam is the best way to proactively protect their business, followed by 35 percent who think the best way is to have generally heard about the methods and behaviors of scammers.
  • The primary motivations for small businesses to report scams included helping to warn others about the scams, trying to bring justice to the scammer and trying to recover money lost through the scam.

FTC/BBB Education Materials

Finally, as an important component of Operation Main Street, the FTC and BBB today issued co-branded materials that are available on their respective websites to help small businesses identify and avoid potential scams.

“Scams and Your Small Business” is available in both English and Spanish, and includes information on scammers’ tactics, how small businesses can protect themselves from scams, common scams that target small businesses, how to report a scam and related resources.

The FTC and BBB would like to thank the AGs from the following states for their invaluable law enforcement contributions to Operation Main Street: 1) Arizona, 2) Delaware, 3) Florida, 4) Indiana, 5) Missouri, 6) New York, 7) Tennessee and 8) Texas. The FTC and BBB also appreciate the assistance of the U.S. Attorney’s Office for the District of Maryland, the U.S. Attorney’s Office for the Southern District of New York and the New York Division of the U.S. Postal Inspection Service.

The FTC also appreciates the help of the following federal, state and local partners in publicizing the initiative and promoting the consumer education information: The U.S. Small Business Administration, the Attorneys General Offices of Colorado, Nebraska, Nevada, Pennsylvania and Utah, and the Fresno County Office of the District Attorney.

NOTE: The Commission files a complaint when it has “reason to believe” that the law has been or is being violated and it appears to the Commission that a proceeding is in the public interest. The case will be decided by the court.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

For more than 100 years, the Better Business Bureau has been helping people find businesses, brands, and charities they can trust. In 2017, people turned to BBB more than 160 million times for BBB Business Profiles on more than 5.2 million businesses and Charity Reports on 11,000 charities, all available for free at bbb.org. The Council of Better Business Bureaus is the umbrella organization for the local, independent BBBs in the U.S, Canada, and Mexico, as well as home to its national and international programs on dispute resolution, advertising review, and industry self-regulation.

Federal Trade Commission, United States
Source: Press Release Feed
18 Jun 2018, 10:00pm AEST

OIPC Deputy Commissioner Jay Fedorak confirmed as new Information Commissioner for Jersey in the British Channel Islands

BC’s Information and Privacy Commissioner Michael McEvoy issued the following statement:

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
16 Jun 2018, 6:00am AEST

Information Publication Scheme — 2018 Survey of Australian Government agencies

The 2018 Information Publication Scheme (IPS) Survey of Australian Government agencies that are subject to the Freedom of Information Act 1982 (Cth) has commenced.

If you have any questions or require further information about the IPS Survey, please contact Mabel Dela Cruz of ORIMA Research on (02) 6109 6300 or surveys@orima.com or OAIC contact officer Emma Liddle Acting Director FOI on (02) 9284 9717 or emma.liddle@oaic.gov.au.

Office of the Australian Information Commissioner
Source: News - OAIC
31 May 2018, 6:54am AEST

General Data Protection Regulation commences 25 May

The European Union (EU) General Data Protection Regulation (GDPR) comes into force on 25 May 2018. The GDPR will harmonise data privacy laws across Europe, and replace existing national data protection rules.

Office of the Australian Information Commissioner
Source: News - OAIC
24 May 2018, 11:28pm AEST

Working with Industry 2: Are you ready for the GDPR?

This guest post was contributed by Nicola Hermansson, APAC Data Protection & Privacy Leader at EY. It is the second in our Working with Industry series of guest posts. The Working with Industry series do not necessarily reflect the views of our office and are published to inform and stimulate debate on topical privacy issues and developments.

Friday 25 May is D-Day for the European Union’s General Data Protection Regulation (GDPR), yet many organisations in this part of the world don’t know what it is and how it will impact them. Only 12 percent of Asia Pacific businesses impacted by GDPR have a plan to address it.

GDPR: What is it, who does it apply to, and why should you care?

The GDPR is an EU regulation, but it has global reach. Essentially, it requires that organisations doing business in the EU or processing data of individuals in the EU implement a number of data protections. A failure to do so can be met with fines of up to 4 percent of global annual turnover or €20million, whichever is greater. Many New Zealand organisations with EU connections are affected and will need to change their processes to be compliant.

Data breaches happen too often. The failure of organisations to protect and respect their customers’ personal data has led to customer trust being eroded. The GDPR requires organisations to be more responsible for their customer and employee personal data, and gives control back to individuals. In addition, the GDPR is setting a new global standard for the management of personal data, which is causing change well beyond the borders of the EU.

What does it mean for your organisation?

Organisations need to be accountable and proactive. A good start is to document all personal data processing activities and map data flows so that the organisation is aware of what data it has and how that data is used and managed.

The GDPR focuses on facilitating the rights of individuals, including the right to have data collected, used and disclosed in a robust manner, rights of access to data, the portability of data between various organisations, and the right to be “forgotten”.

Consent for processing personal data must be freely given, specific, informed and unambiguous. It cannot be bundled with other written agreements. A catch-all tick box is no longer good enough. Having privacy notices hidden in general terms and conditions is no longer acceptable.

Organisations need to incorporate data protection into the way that they manage their business using privacy impact assessments and Privacy by Design principles to embed privacy into the way that business is done.

Certain breaches must be disclosed within 72 hours, to both supervisory authorities and potentially to affected individuals.

Key challenges of GDPR

In this data-driven era, organisations desire more and more personal data, but have not been demonstrating the same desire to protect it. Many organisations are struggling to identify what personal data they possess, where it is, who has access to it, what third parties they have given it to, and what they are using it for.  A set and forget approach cannot be adopted when business is constantly challenged to use existing data sets in new ways.

The GDPR demands accountability – organisations need to get their data under control and demonstrate compliance. Many organisations who have not previously focused on data protection are finding that complying with the GDPR is taking more effort than they anticipated. Becoming GDPR compliant requires work, forethought, planning and very importantly, senior stakeholder buy-in.

For organisations that have done little to prepare, it may seem overwhelming, but taking a balanced approach, with a focus on high-risk personal data processing, can make the challenge more palatable. Organisations that really embrace the purpose and spirit of the GDPR can make privacy a valuable differentiator. They can turn compliance from a challenge to an opportunity, from a chore into a chance to differentiate and a tangible demonstration of their company values.

If your organisation has yet to fully understand how GDPR impacts it, your new compliance obligations and the extent of your personal data processing, you need to act now. It is never too late to start thinking about data protection. This Friday marks a significant date in what should be an ongoing journey towards data management maturity for every organisation – whether impacted by the GDPR or not.

Image credit: GDPR via Tech Talks

 

Office of the Privacy Commissioner, New Zealand
Source: Blog
24 May 2018, 8:58am AEST

2018 PAW Business Breakfast

The European Union’s General Data Protection Regulation (EU GDPR) and the complexity of the modern privacy landscape were the key discussion points for the Privacy Awareness Week (PAW) Business Breakfast yesterday morning.

Office of the Australian Information Commissioner
Source: News - OAIC
14 May 2018, 11:40pm AEST

Appearance before the Standing Committee on Access to Information, Privacy and Ethics to discuss the breach of personal information involving Cambridge Analytica and Facebook

Good morning, I very much appreciate the invitation to appear this morning — my first time before you as BC’s new Information and Privacy Commissioner. It is also a great pleasure to do so with my colleague Commissioner Elizabeth Denham. In fact it was only a few short weeks ago, that I was in the UK assisting Commissioner Denham with the investigation she touched on a moment ago.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
12 May 2018, 6:00am AEST

Supreme Court’s Alsford decision affirms role of the Privacy Act

R v Alsford is an important privacy decision. The Supreme Court has clarified the law in relation to voluntary requests for personal information by law enforcement agencies, and affirms the obligations and responsibilities of both the law enforcement requester and the responding agency.

The decision affirms the importance and policy of the Privacy Act, and its relationship with other relevant statutes, including the production order regime in the Search and Surveillance Act 2012, the test for the admissibility of evidence under section 30 of the Evidence Act 2006 and the test for an unreasonable search under section 21 of the New Zealand Bill of Rights Act 1990.

The Privacy Commissioner’s transparency reporting trial revealed confusion in the private sector about the lawful basis for law enforcement requests for personal information.

The Alsford case was a criminal pre-trial matter and it presented an opportunity for judicial clarification. The Privacy Commissioner was granted leave to be heard on the privacy issue. The Court’s decision was released in March 2017, subject to non-publication orders that have now been lifted.

The Court considered whether a production order should have been used to obtain power consumption data from electricity providers in an investigation of suspected cannabis cultivation, and whether the power consumption data was obtained in breach of privacy principle 11(e)(i) of the Privacy Act.

The Police made requests to three electricity providers for power consumption data from the defendant’s properties. All three companies disclosed the information sought under privacy principle 11(e)(i) of the Privacy Act. This manner of obtaining the power consumption information and its use to support subsequent production order and search warrant applications to uncover evidence of offending was one of the grounds of appeal.

The majority of the Supreme Court (4:1) affirmed the Police’s ability, in the circumstances and in the absence of a production order, to ask for power consumption information in the form of monthly aggregated data, despite finding that one of the three requests did not provide sufficient information to justify the resulting disclosure. That particular disclosure was therefore not justified in terms of principle 11(e) and, to that extent, there was a breach of the Privacy Act.

The decision also affirms that where the Police obtain information from service providers about customers on a voluntary basis, they must not infringe section 21 of the New Zealand Bill of Rights Act (the right to be secure against unreasonable search and seizure). 

The Supreme Court decision can be read here. 

You can also read the Privacy Commissioner's rules for information disclosures here.

Lastly, there is also the Privacy Commissioner's Commentary on R v Alsford.

Image credit: Kōtuku - Department of Conservation - New Zealand Birds A-Z

Office of the Privacy Commissioner, New Zealand
Source: Blog
11 May 2018, 1:26pm AEST

Privacy Commissioner Meets Central and Western Concern Group Regarding Legislative Councillor Ted Hui's Incident

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
11 May 2018, 10:00am AEST

“Privacy: From Principles to Practice” – Privacy Awareness Week 2018SME Privacy Protection Campaign Launches to Gather Wisdom and Build Sustainable Competitive Advantage

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
8 May 2018, 10:00am AEST

PCPD Awarded ERB “Manpower Developer” *** Deputy Privacy Commissioner for Personal Data and Assistant Privacy Commissioner for Personal Data Appointed

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
4 May 2018, 10:00am AEST