Wait a Minute Mr. Postman … 3 Lessons Health Canada's Privacy Breach Delivers to the Private Sector

Advanced Filters

Please search by first or last name. e.g: "John" or "Smith". Your search will begin after typing at least 2 characters. Searching...
Sort by: Relevance | Name

We are pleased to provide you with detailed biographies on our lawyers, paralegals and administrative team, so you can learn more about how we can best support your business' success.

Use the search bar above or the advanced filters to further narrow your search by service, industry, office location, bar admissions, title, education and language.

: Service; Industry; Office; Position; Bar Admission; Education; Language

Contact Form

: Contact

We want to hear from you: Did we delight you with great service or a timely insight? Did we miss the mark? Are you looking for legal advice? If so, we want to know. Just type a few lines into our form, send an email to client.service@mcinnescooper.com, or call 1-855-622-6668.

Charlottetown

141 Kent St., Suite 300
McInnes Cooper Building
Charlottetown, PE
C1A 1N3

Tel: 902.368.8473
Fax: 902.368.8346

Fredericton

570 Queen St., Suite 600
Barker House
Fredericton, NB
E3B 6Z6

Tel: 506.458.8572
Fax: 506.458.9903

Halifax

1969 Upper Water St., Suite 1300
Purdy’s Wharf Tower II
Halifax, NS
B3J 3R7

Tel: 902.425.6500
Fax: 902.425.6350

Moncton

644 Main St., Suite 400
Blue Cross Building, South Tower
Moncton, NB
E1C 1E2

Tel: 506.857.8970
Fax: 506.857.4095

Saint John

1 Germain St., Suite 1700
Brunswick Square
Saint John, NB
E2L 4V1

Tel: 506.643.6500
Fax: 506.643.6505

St. John’s

10 Fort William Pl., 5th Floor
Baine Johnston Centre
St. John’s, NL
A1C 1K4

Tel: 709.722.8735
Fax: 709.722.1763

More Publications

Publication

Wait a Minute Mr. Postman ... 3 Lessons Health Canada’s Privacy Breach Delivers to the Private Sector

March 25, 2015

By David Fraser, at McInnes Cooper

On March 3, 2015 Canada’s Privacy Commissioner determined that Health Canada breached privacy laws by mailing letters to over 40,000 Marihuana Medical Access Program clients – in envelopes clearly displaying the names of both the Program and the recipients. The Privacy Commissioner’s decision is based on the privacy law applicable to the Federal Government, but similar privacy laws apply to all Canadian private sector organizations – making this decision relevant to all organizations operating in Canada.

These days, electronic communication gives “snail mail” a run for its money when it comes to communicating with customers and contacts. The recent implementation of Canada’s Anti-Spam Legislation (CASL) has focused attention on the privacy laws applicable to electronic communications; for more on CASL, visit McInnes Cooper’s CASL Knowledge Page at www.mcinnescooper.com/services/privacy/casl/.

Despite this, traditional mail is still a significant mode of business communications; the cumbersome CASL rules might even lead to increased use of it. But there are also privacy laws – and risks – applicable to traditional mail, as the Privacy Commissioner’s finding demonstrates.

THE PRIVACY COMPLAINT

Health Canada handles Canada’s Marihuana Medical Access Program. In 2013, Health Canada needed to mail letters to 41,514 of the Program’s clients. It didn’t have a policy about the return address information for its letters, but normally used envelopes preprinted with the recipients’ information and a return address that didn’t reveal the Program name. But this time, there was a problem with the envelopes. Health Canada was in a hurry, so it repackaged the letters in envelopes with oversized windows through which the recipient’s address – and the full Program name – was clearly visible.

Over 300 of the Program members who received the letters lodged privacy complaints. They said Health Canada breached the privacy law by disclosing their personal information (their identity and involvement with the Program) to postal employees and the public without their consent. The Privacy Commissioner of Canada agreed: read his decision in the Marihuana Medical Access Program Complaint under the Privacy Act.

3 LESSONS DELIVERED TO THE PRIVATE SECTOR

The Privacy Commissioner’s decision is based on the privacy law applicable to the Federal Government. However, the federal and provincial privacy laws that apply to the public and private sectors contain similar provisions – making this decision relevant to all organizations operating in Canada. Here are 3 lessons they can learn from Health Canada’s privacy breach:

There’s a lot at stake. A person affected by a breach of privacy laws has a couple of options – and they aren’t mutually exclusive: she can pursue one or both at the same time. She can lodge a complaint with the relevant privacy regulator; every organization operating in Canada is subject to oversight by one or more privacy regulator. She can also sue for financial compensation for the privacy breach, and that compensation can be significant. If multiple people are affected, they can also join together and lodge a class action for the breach – which the Program clients have also done. McInnes Cooper currently acts for Program members in a proposed privacy breach class action against Health Canada seeking financial compensation for its privacy breach.
You might be inadvertently disclosing “personal information”. When sending traditional mail communications to customers or contacts, you might be inadvertently disclosing personal information – and breaching privacy laws in the process. Stop and think about what you send by mail, and the information it discloses about the recipient and to whom. A simple but common example is collection letters. Many businesses extend in-house credit to customers, and not all of them pay on time. So you might be sending letters letting those customers know their accounts are “past due”, giving them “final notice” or informing them their accounts are “in collection”. To make sure they open and read those letters, you might be stamping this information on the outside of the envelopes carrying them. But the recipient isn’t the only person who will see it: postal workers who handle the mail will see it; other household members (spouses, kids, room-mates…) who likely handle the mail will see it; and neighbors who might handle the mail (for example, who do the recipient a favour by picking up their mail while they are away, ill, etc.) will see it. You’ve just disclosed the recipient’s identity and the financial state of their account with you. Is this “personal information”? Yes; a person’s health information is “personal information” (the Health Canada mistake is one example) and so is a person’s financial information (see, for example, McInnes Cooper’s: PIPEDA Leaves Lender Out In The Cold – 5 Reasons To Review Your Loan Agreement). Do you have their consent to disclose it? If not, you might be violating a privacy law.
Create & implement a policy. Maybe you’re regularly disclosing more information to more people than you thought you were – maybe even more than you intended. Maybe it doesn’t happen regularly – but even once, and even accidentally, is enough. In the Health Canada case, the Privacy Commissioner acknowledged Health Canada’s normal practice didn’t disclose personal information, and the disclosure was the result of an administrative error – but even once is a breach of the privacy law. To avoid or minimize the likelihood of a privacy breach, create a policy to deal with mail communications that specifically considers what information your mail communications disclose and to whom. Implement that policy fully, including communicating it to the relevant employees and training them on how to follow it – and why it’s so important to do so.

Please contact your McInnes Cooper lawyer or any member of our McInnes Cooper Privacy Law Team to discuss this topic or any other legal issue.

McInnes Cooper has prepared this document for information only; it is not intended to be legal advice. You should consult McInnes Cooper about your unique circumstances before acting on this information. McInnes Cooper excludes all liability for anything contained in this document and any use you make of it.

© McInnes Cooper, 2015. All rights reserved. McInnes Cooper owns the copyright in this document. You may reproduce and distribute this document in its entirety as long as you do not alter the form or the content and you give McInnes Cooper credit for it. You must obtain McInnes Cooper’s consent for any other form of reproduction or distribution. Email us at publications@mcinnescooper.com to request our consent.

People

Services

Industries

Technology, Media & Telecom

Publication

July 29, 2015

Medical Marijuana Privacy Breach Class Action Lawsuit Can Go Ahead

On July 27, 2015, the Federal Court of Canada decided a lawsuit by medical marijuana program participants against the Federal...

Publication

December 23, 2014

PIPEDA Leaves Lender Out in the Cold: 5 Reasons to Review Your Loan Agreement

NOTE: On November 17, 2016 the Supreme Court of Canada reversed the Ontario Court of Appeal’s decision in this case;...

We are pleased to provide you with detailed biographies on our lawyers, paralegals and administrative team, so you can learn more about how we can best support your business' success.

Advanced Filters

Contact

We want to hear from you: Did we delight you with great service or a timely insight? Did we miss the mark? Are you looking for legal advice? If so, we want to know. Just type a few lines into our form, send an email to client.service@mcinnescooper.com, or call 1-855-622-6668.

Charlottetown

Fredericton

Halifax

Moncton

Saint John

St. John’s

Send Us Feedback

Un moment s'il vous plaît...

We are pleased to provide you with detailed biographies on our lawyers, paralegals and administrative team, so you can learn more about how we can best support your business' success.

Advanced Filters

Contact

We want to hear from you: Did we delight you with great service or a timely insight? Did we miss the mark? Are you looking for legal advice? If so, we want to know. Just type a few lines into our form, send an email to client.service@mcinnescooper.com, or call 1-855-622-6668.

Charlottetown

Fredericton

Halifax

Moncton

Saint John

St. John’s

Send Us Feedback

Un moment s'il vous plaît...

Share this with others

Twitter

Facebook

Google +

LinkedIn

Email