About the Project

 The Personal Information Protection and Electronic Documents Act (PIPED Act) was enacted to establish rules to govern the legitimate collection use and disclosure of personal information in a manner that recognizes the right of individual privacy.

With the application of the PIPED Act to "all commercial activity" as of January 1st 2004, the staggered implementation the Act is now complete. Part one of the Act is scheduled for review in 2006.

The central aim of this project will be to evaluate the implementation of PIPED Act by reviewing privacy statements posted on the Internet by companies in the telecommunications, airlines, banking and retail sectors.

Privacy policies provide the consumer with an indication of what he or she is entitled to expect. This helps to overcome uncertainty in the marketplace and facilitate a transaction that might not otherwise take place. It has been noted that consumers are "far less willing to entrust their personal data to organizations that, at a minimum, don't have a postedprivacy statement." Indeed, the PIPED Act itself is explicitly premised on the notion that good privacy policies and practices can promote electronic commerce.

A company's statement is clearly a communication between the organization and the consumer as to how personal data will be handled, what is not so clear is the extent to which privacy policies satisfy the requirement of "openness" pursuant to PIPED Act

The openness principle states that:

An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

This principle contemplates the consumer being able to ascertain information about the organization's business practice with respect to the use collection and disclosure of personal information without unreasonable effort on the part of the individual. While this principle is by no means unqualified, it is the case that an organization's privacy policy should at a minimum, be in a form that is intelligible and appropriately conveys both what the consumer is entitled to expect as well as organization's statutory obligations.

Organizations make information about their policies and practices available in a variety of ways. The method chosen depends on the nature of its business and other considerations. An organization may make brochures in its place of business, mail information to its customers, provide online access, or establish a toll-free telephone number.

While these activities can be said to satisfy the requirement of openness in the PIPED Act concerns remain about the efficacy of these practices in view of the fact that the majority of unrealized on-line transactions that have resulted from a lack of openness will go unreported. An informal review of web-based privacy statements on Canadian private sector sites suggests that privacy policies are to some extent merely diaphanous expressions of goodwill rather than a clear articulation of enforceable legal commitments.

This project will compare the approach to communicating privacy policy and practice by organizations in the airline, telecommunications, banking and retail sectors. We selected the first three industries because they are federally regulated and the PIPED Act has applied to them since its entry into force.

About the Project's Supporting Organizations

The Centre for Innovation law and Policy is a not for profit academic institution located at the University of Toronto Faculty of Law. The Centre is governed by three bodies: The Executive Committee, the Advisory Board and the Academic Co-ordinating Committee. The Executive Committee is responsible for the day-to-day operation of the Centre. These activities are overseen by the Centre's Advisory Board. Province wide curricula related to innovation and the law are guided by the Centre's Academic Co-ordinating Committee which includes the Centre's Executive Director and representatives from Ontario's six law schools.

Working in partnership with the Centre on this project will be the the Information Policy Research Program (IPRP) based at the Faculty of Information Studies. Since 1995 IPRP has served as an organizing umbrella for a series of research projects examining key public information policy issues, notably access, privacy and governance. These issues are studied particularly in relation to rapid Canadian developments in information/communications infrastructure, electronic commerce and the 'knowledge-based economy/society' generally. Three current projects are: Digital Identity Constructions, Everyday Experiences of Networked Services, and the Canadian Research Alliance for Community Innovation and Networking, all funded by the Social Science and Humanities Research Council (SSHRC). IPRP also sponsors a variety of events, including the monthly Information Rights Salon (formerly the Privacy Lecture Series). Professors Andrew Clement and Nadia Caidi, who serve as Research Advisors for this proposal, are active IPRP researchers.

Project Principal Personnel

Lead Researcher
Rajen Akalu, University of Toronto Faculty of Law

Co-Researcher
Sooin Kim, University of Toronto Faculty of Law

Research Advisors
Andrew Clement, University of Toronto Faculty of Information Studies
Lisa Austin, University of Toronto Faculty of Law
Nadia Caidi, University of Toronto Faculty of Information Studies
Andrea Slane, University of Toronto, Faculty of Law and Osler Hoskin __ Harcourt.