Understanding Personal Information: Managing Privacy Risks
One Year Subscription Only Terms
Subscribers receive the product(s) listed on the Order Form and any Updates made available during the annual subscription period. Shipping and handling fees are not included in the annual price.
Subscribers are advised of the number of Updates that were made to the particular publication the prior year. The number of Updates may vary due to developments in the law and other publishing issues, but subscribers may use this as a rough estimate of future shipments. Subscribers may call Customer Support at 800-833-9844 for additional information.
Subscribers may cancel this subscription by: calling Customer Support at 800-833-9844; emailing email@example.com; or returning the invoice marked 'CANCEL'.
If subscribers cancel within 30 days after the product is ordered or received and return the product at their expense, then they will receive a full credit of the price for the annual subscription.
If subscribers cancel between 31 and 60 days after the invoice date and return the product at their expense, then they will receive a 5/6th credit of the price for the annual subscription. No credit will be given for cancellations more than 60 days after the invoice date. To receive any credit, subscriber must return all product(s) shipped during the year at their expense within the applicable cancellation period listed above.
From user profiles and location information to IP addresses and RFID, the world of information technology has evolved at a rapid pace, exposing both individuals and organizations to new levels of risk - and responsibility. Yet, data protection and privacy laws are still applying a definition of "personal information" that was developed in the 1970s. It's time to take a fresh look at the definition and develop a new legal framework for assessing which data should be classified as personal information. And that's precisely what this new publication, Understanding Personal Information: Managing Privacy Risks, aims to do.
Highlights of this Book
Researched and written by Eloïse Gratton, a leading expert in information technology law, new media and privacy issues, this volume provides a thorough investigation of the concept of personal information, including:
- A full examination of the definition and interpretation of "personal information" found in Canadian data protection laws (PIPEDA and provincial private sector laws from B.C., Alberta and Quebec), as well as European data protection directives
- A summary of the historical context leading to the adoption of data protection laws and the elaboration of the definition of personal information
- A review of emerging technologies and the challenges they trigger for the protection of personal information in an information age
- A useful assessment tool to assist organizations handling information of their clients, employees or website users in determining whether the information handled qualifies as personal information and the kind of potential privacy risks or harm involved
- An analysis of the types of privacy harm which may result from personal information being collected, used and disclosed, and a guide on how to mitigate privacy risks
- A helpful examination of the interpretation of the notion of "identifiable" (as opposed to anonymous) information
- A review of Canadian case law addressing the issue of when personal information is considered "accurate" and "relevant" for its intended use in accordance with applicable Canadian data protection laws
- A practical framework for Canadian data protection laws in light of modern technologies
An Important Resource
This guide is a valuable reference book for organizations that handle personal information as well as their legal counsel as it will help them assess:
- Whether the information they manage is or should be covered under the definition of personal information
- The sensitivity of the information they handle, the type of security measures they should be implementing and the type of consent they should be obtaining from their employees, clients and users
- The situations in which a security breach will trigger a significant risk of harm for individuals affected
- Whether individuals have a right to damages resulting from a confirmed breach under PIPEDA or any similar provincial law
In addition, Understanding Personal Information: Managing Privacy Risks may be of interest to Canadian lawyers, lawmakers, policymakers, privacy commissioners, courts, consumer groups, and governmental authorities and agencies.
Table of contents
1. Background Leading to the Definition of Personal Information
1.1. Historical Background Leading to Laws Protecting Personal Information
1.1.1. Evolution of the Notion of Privacy
1.1.2. Control over Personal Information and Fair Information Practices
1.1.3. Definition of Personal Information: Origin and Background
1.2. Technological Background Affecting Personal Information
1.2.1. Increase in Volume of Information
1.2.2 New Types of Information and Collection Tools
1.2.3. New Identifying Methods
1.2.4. New Uses of Information
1.2.5. Increased Availability of Data
2. Constructing the Definition of Personal Information
2.1. Deconstructing the Definition of Personal Information
2.1.1. Deconstructing the Concept of Privacy as Control
2.1.2. Deconstructing the Efficiency of the Definition of Personal Information
2.2. Reconstruction Taking into Account Underlying Risk of Harm
3. Implementation the Risk of Harm Approach to the Definition of Personal Information
3.1. Subjective Harm Associated with Definition of Personal Information
3.1.1. Subjective Harm Resulting from the Collection of Information
3.1.2. Subjective Harm Resulting from the Disclosure of Information
3.2. Objective Harm Associated with the Definition of Personal Information
3.2.1. Objective Harm Resulting from the Use of Information