Protection Claims and Privacy: A Rapidly Changing Landscape .

Uploaded on:
Insurance Claims and Privacy: A Rapidly Changing Landscape. Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario CICMA and CIAA Joint Conference February 3, 2004. Impetus for Change. Growth of privacy as a global issue EU Directive on Data Protection
Slide 1

Protection Claims and Privacy: A Rapidly Changing Landscape Ann Cavoukian, Ph.D. Data & Privacy Commissioner/Ontario CICMA and CIAA Joint Conference February 3, 2004

Slide 2

Impetus for Change Growth of security as a worldwide issue EU Directive on Data Protection Increasing measures of individual information gathered, united, collected Consumer backfire; elevated customer desires

Slide 3

Importance of Consumer Trust In the post-9/11 world: Consumers either as concerned or more worried about online protection Concerns concentrated on the business utilization of individual data, not new government reconnaissance powers If buyers have trust in an organization\'s security hones, they will probably: Increase volume of business with organization… … .... 91% Increase recurrence of business… … .… ... 90% Stop working with organization if PI abused… 83% Harris/Westin Poll, Nov. 2001 & Feb. 2002

Slide 4

How The Public Divides on Privacy The "Protection Dynamic" - Battle Dr. Alan Westin for the brains of the pragmatists

Slide 5

Information Privacy Defined Information Privacy: Data Protection Freedom of decision; control; enlightening self-assurance Personal control over the gathering, use and exposure of any recorded data around an identifiable individual

Slide 6

Fair Information Practices: A Brief History OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data EU Directive on Data Protection CSA Model Code for the Protection of Personal Information Canada Personal Information Protection and Electronic Documents Act (PIPEDA)

Slide 7

Summary of Fair Information Practices Accountability Identifying Purposes Consent Limiting Collection Limiting Use, Disclosure, Retention Accuracy Safeguards Openness Individual Access Challenging Compliance

Slide 8

Federal Private-Sector Privacy Legislation Personal Information Protection and Electronic Document Act (PIPEDA) Staggered usage: Federally controlled organizations, 2001 Federal wellbeing area, 2002 Provincially managed private part, 2004

Slide 9

Extension of PIPEDA As of January 1, 2004, PIPEDA has stretched out to:  all individual data gathered, utilized or uncovered as a part of the course of business exercises by commonly controlled associations (counting insurance agencies and autonomous protection agents)  unless a considerably comparable commonplace security law is in power

Slide 10

Provincial Private-Sector Privacy Laws Québec : Act regarding the insurance of individual data in the private division B.C. : Personal Information Protection Act Alberta : Personal Information Protection Act Ontario : draft Privacy of Personal Information Act, 2002 – not presented… so PIPEDA applies

Slide 11

PIPEDA – General Consent Rule Assume insurance agency and agent are in Ontario (PIPEDA applies) Knowledge and assent of the individual are required for the accumulation, use, or divulgence of individual data, aside from where improper In protection claims where there is no suspicion of extortion, agent ought to just gather, utilize and uncover individual data with learning and assent of policyholder

Slide 12

Fraud Investigations Privacy is not a flat out right – it should be adjusted against different premiums PIPEDA perceives open enthusiasm for gathering, utilizing and unveiling individual data without information and assent of individual for misrepresentation examinations

Slide 13

Consent Exceptions in PIPEDA "Investigative bodies" assigned in directions may get and reveal individual data without learning and agree of individual to explore a rupture of an understanding or a negation of the laws of Canada or a region

Slide 14

PIPEDA Regulations November 6, 2003 – Industry Canada issued notification to revise PIPEDA controls to incorporate extra associations as "investigative bodies" Insurance agents and private agents incorporated into proposed list (among others) Amended direction anticipated that would become effective soon (inside the following month)

Slide 15

Protecting Privacy During Investigations "Investigative body" status won\'t give protection agents boundless energy to gather, utilize and unveil individual data without assent Adjusters ought to just gather, utilize and unveil least measure of individual data essential for reasons for examination They ought to likewise guarantee that any outsiders that are held (e.g., private examiners) don\'t abuse security laws when helping with cases examinations

Slide 16

Personal Health Information For a few cases, protection agents gather, utilize and reveal policyholder\'s close to home wellbeing data (PHI), which is considered exceedingly touchy Justice Krever\'s Report on the Confidentiality of Health Information , 1980 The IPC has been calling for enactment to ensure individual wellbeing data since 1987

Slide 17

Provincial Health Privacy Laws Alberta Health Information Act Manitoba Personal Health Information Act Saskatchewan Health Information Protection Act

Slide 18

Ontario: Health Information Protection Act, 2003 (HIPA) Ontario government presented wellbeing protection charge (Bill 31) on December 17, 2003 Referred to Standing Committee on General Government, which is as of now holding open hearings and getting entries Expected to happen July, 2004

Slide 19

General Principles HIPA builds up standards administering the accumulation, use and revelation of individual wellbeing data by wellbeing data caretakers and different people Health data overseers are characterized as people who have guardianship or control of individual wellbeing data as an aftereffect of the work that they do or regarding the forces or obligations they perform

Slide 20

Consent HIPA takes into consideration suggested assent for exposure of PHI inside a patient\'s circle of consideration (e.g., from a family doctor to a master or a lab for testing) HIPA requires express assent for exposure of PHI outside the circle of consideration (e.g., from a family doctor to a protection agent)

Slide 21

Disclosure Without Consent HIPA permits wellbeing data caretakers to unveil PHI without assent just in particular and restricted conditions (e.g., to diminish a danger of genuine real damage to a gathering of people) Section 42 of HIPA manages revelations identified with HIPA and different Acts

Slide 22

Investigations – Section 42(1)(g) Section 42(1)(g) of HIPA permits a wellbeing data overseer to unveil individual data around an individual " … to a man completing an assessment, examination or comparable system that is approved by a warrant or under an Act of Ontario or Canada with the end goal of conforming to the warrant or that Act."

Slide 23

Final Thought The protection scene is quickly changing Be mindful of both PIPEDA and Ontario\'s proposed wellbeing protection enactment (HIPA) when researching and settling protection claims

Slide 24

How to Contact Us Commissioner Ann Cavoukian Information & Privacy Commissioner/Ontario 80 Bloor Street West, Suite 1700 Toronto, Ontario M5S 2V1 Phone: (416) 326-3333 Web: E-mail:

View more...