Location: Information Studies Inforum 323.43 R896H (stacks)

A little dated but provides a historical backdrop to the issues addressed in this research effort. A twenty years historical backdrop is sufficient to contextualise research findings.

• OECD, "Privacy Online: OECD Guidelines on Policy and Practice"(Paris: OECD, 2003)

Location: Data, Map __ Government Information Services, ZZ...ED....-2003P65

• P. Carey (LLM), "E-Privacy and Online Data Protection" (Buttterworths, 2002)

Location: Bora Laskin KD3756 .C367 2002 (stacks)

• E Gratton, "Internet and Wireless Privacy: a legal guide to global business practices" (CCH, Canada: 2003)

Location: Bora Laskin HF5415.1265 .G73 2003 (stacks)

• A.J. Marcella and C. Stucki, "Privacy Handbook: guidelines, exposures, policy implementation and international issues" (Hoboken, N.J.: John Wiley __ Sons, Inc., 2003.)

Location: Bora Laskin JC596.2 .U5 M317 2003

How privacy management dictates corporate performance. In today's politically and financially volatile environment, corporations must keep up with current privacy legislation and mores, as well as have a strong company privacy policy that their employees and customers can trust. The Privacy Handbook provides organizations with everything they need to know to ensure that privacy considerations cohere with their global business strategy. Authors Albert Marcella and Carol Stucki discuss the critical risk areas regarding corporate privacy, examining them from every individual, organizational, and national angle.

Topics covered include: Domestic and international privacy, advocates, Employee monitoring, Technological surveillance, Data sharing, Retention procedures, Identity theft, Software tools.

The Privacy Handbook proves a comprehensive resource for CEOs, CFOs, CIOs, audit managers, controllers, and corporate lawyers

.

• S. Gutwirth, "Privacy in the Information Age" (Rowman __ Littlefield Publishers, 2002)

Location: Bora Laskin K3263 .G8813 2002 (stacks)

Serge Gutwirth advances the intriguing thesis that privacy is in fact the safeguard of personal freedom--the safeguard of the individual's freedom to decide who she or he is, what she or he does, and who knows about it. Any restriction on privacy thus means an infringement of personal freedom. And it's exactly this freedom that plays an essential role in every democracy.

• A Frackman, "Internet and Online Privacy: a legal and business guide" (New York: ALM Publishers, 2002)

Location: Bora Laskin KF390.5 .C6 F69 2002 (stacks)

Analyzing the legal issues concerning online and Internet privacy, this book covers the historical developments leading to the current state of the law and the relevant legal actions that have helped to shape it. Examined are the leading lawsuits that have asserted invasion of privacy on the Internet, the comparison of the state of the law in the United States with that of its principal trading partners around the world, and enforcement activity by the Federal Trade Commission. Also covered are proposals for new legislation and precedents for drafting a privacy policy that conforms to standards required by United States and international law.

• D. Peppers, "Managing Customer Relationships: a strategic framework" (John Wiley __ Sons,2004)

Location: Business Information Centre (Rottman) HF5415.5 .P458 2004 (stacks)

Part 1: Principles of managing customer relationships; Evolution of relationships with customers; Thinking behind customer relationships -

Part 2: "IDIC" implementation process: a model for managing customer relationships. Customer relationships: basic building blocks of IDIC and trust; Identifying customers; Differentiating customers: some customers are worth more than others; Differentiating customers by their needs; Interacting with customers: customer collaboration strategy; Using the tools of interactivity to build learning relationships; Privacy and customer feedback; Using mass customization to build learning relationships -

Part 3; Measuring and managing to build customer value; Measuring the success of customer-based initiatives; Customer analytics and the customer-strategy enterprise; Organizing and managing the profitable customer-strategy enterprise; Delivery channel issues of the enterprise focused on building customer value; Store of the future and the evolution of retailing -- Appendix: Where do we go from here?

• M., Henry, "International Privacy, Publicity and Personality Laws' (Butterworths, 2001)

Location: Bora Laskin K3263 .I58 2001 (stacks)

• Office of the Privacy Commissioner, "Your privacy responsibilities : Canada's Personal Information Protection and Electronic Documents Act : a guide for businesses and organizations" (OPC: Canada, 2000)

Location: Trinity College Library KE5325 .A32 A2 2000 TRIN (stacks)

An official guide to PIPEDA

• H. Henderson, "Privacy in the Information Age" (New York : Facts On File, c1999)

Location: UofT Scarborough KF1263 .C65 H46 1999 SCAR (stacks)

This book includes a guide on researching privacy issues.

"In a world in which information on individuals is available quickly, cheaply, and easily, interest in privacy rights is growing. Both theoretical and practical, this book does a creditable job of surveying the topic by providing an overview of the issues, a survey of the applicable laws and court cases, a chronology, and an extensively annotated bibliography. The chapter titled "How to Research Privacy Issues" is a comprehensive pathfinder, complete with search strategy tips and URLs for web-based searching. Librarians will like the section on organizations and agencies that directs users to associations with an interest in privacy rights. The entries here include the requisite name, address, and phone number as well as the organization's URL and e-mail address and a description of purpose. An important resource for any library in which privacy issues are investigated."--Joan Pedzich, Harris, Beach __ Wilcox, Rochester, NY Copyright 1999 Cahners Business Information

Some would say that a half page or so would cover the subject entirely, but Henderson, a technical writer, is concerned not so much with personal privacy itself as the lack of it, the implications for individuals, and the measures to slow its further erosion. He explores who owns personal information, whether people have the right to decide who gets information and what they do with it, who is responsible when erroneous information leads to denial of service or arrest, and other issues. Like others in the series, the volume is intended to provide facts and views to support debate.

• L. Lessig, "Code and Other Laws of Cyberspace," (New York: Basic Books,1999)

Location:  Bora Laskin ZA3225 .L47 1999 (stacks)

"With the assistance of a team of researchers, Jamieson--who is dean of the Annenberg School of Communications at the University of Pennsylvania and author of Packaging the Presidency--presents a collection of essays that empirically challenge some widespread political assumptions. The findings are extrapolated from the Annenberg Campaign Mapping Project, the most thorough investigation conducted of modern presidential campaigns, which was based on analyses of 2,535 speeches, 880 ads, and 23 debates. The author stresses the importance of campaigns: presidents work hard to keep their campaign promises, or voters will penalize them. Campaign ads are important, and negative ads are useful when they criticize an opponent's policies. Televised news is racially biased, one of her studies reveals: persons of colour are more likely to be portrayed as perpetrators and whites as victims, although most crimes are intra- and not interracial. The optimistic Jamieson disputes the unsubstantiated view of a broken political system manipulated by scheming politicians who run rampant over an apathetic electorate. This scholarly yet accessible appraisal is recommended for academic and larger public libraries"-- Karl Helicher, Upper Merion Twp. Lib., King of Prussia, PA Copyright 2000 Cahners Business Information.

• European Commission, "On-line Services and Data Protection and the Protection of Privacy" (Luxembourg: Office for Official Publications of the European Communities; Lanham, Md.: Bernan Associates [distributor], 1999.)

Location: Data, Map and Government Information Services, ZZ...EM.260-1999O54 (government publications)

• J. Holovast, "The Global Encyclopaedia of Data Protection Regulation" (Kluwer Law International, 1999)

Location: Bora Laskin K3264 .C65 G58 LAW V.1 (stacks)

A valuable resource for comparative research on privacy regulations in other jurisdictions as in the year 1999; may provide a point of departure and should be used to point the researcher in the direction possible amendments, repeals and replacements of the data protection laws discussed here.

• A, Etzioni, "The Limits of Privacy" (Basic Books,1999)

Location: Robarts Library JC596.2 .U5 E79 1999X (short term loan)

This is an interesting and provocative debate on the need to qualify rights to privacy.

"Sociologist Etzioni's latest [book] will stir debate on issues of privacy. As in previous books (e.g., The New Golden Rule, Basic Books., 1997), Etzioni espouses the philosophy of communitarianism, which holds that individual rights must be balanced with concern for the common good. He favors HIV testing of infants, opposes encrypted messages, favors national ID cards, and proposes isolating sex offenders in villages akin to leper colonies. The book carefully dissects each issue, offering detailed statistics and addressing opposing viewpoints. At the conclusion of each chapter, Etzioni shows how a balanced analysis leads to a solution. He criticizes the ACLU for its sole emphasis on individual liberties and argues that the Constitution's Fourth Amendment, the right to be free from unreasonable search and seizure, does not make privacy a privilege. While not everyone will agree with his conclusions, Etzioni has crafted a compelling argument for compromise between the views of libertarians and government. Recommended for all public libraries." --Harry Charles, Attorney at Law, St. Louis Appeared in: Library Journal, Apr 01, 1999 (c) Copyright 1999, Cahners Business Information, a division of Reed Elsevier, Inc. All Rights Reserved

Journal Articles:

• C.O. Schoenberger, "Consumer Myths v. Legal Realities: How Can Businesses Cope?" (2004) 16 Loy. Consumer L. Rev. 189.

Location: Online, Lexis-Nexis

To accommodate public concerns regarding actual or perceived privacy rights, businesses must adopt a credible privacy protection policy. By creating a written policy, both the consumer and the seller know the rules. The seller would be bound under contract law and other consumer laws to adhere to the written policy. Finally, when a customer still insists on his or her right to return, notwithstanding the written policy, good communication of the policy, and the trained and helpful staff, businesses should designate an employee or employees trained to tactfully talk with the irate customer.

• R.K. Pippin, ‘Consumer Privacy on the Internet: It's "Surfer Beware"' (1999) 47 A.F. L. Rev. 125.

Location: Online, Lexis-Nexis

A web site, in reality, is an Internet destination where you can look at and retrieve data. What many consumers are unaware of is that web sites also collect personal information through cookies, or cookie files. Cookie technology refers to a file left on a computer's hard drive to track the user's travels around a particular web site. A seal program requires the licensees to abide by codes of on-line information practices and to submit to various types of compliance monitoring in order to display a program's privacy seal on their web site. However, it is worth emphasizing that in the world of on-line privacy, one does not have to buy something to have personal information collected on them -- simply visiting a web site is enough. Turning again to the FTCA, the Commission alleged the web site falsely represented that personal information collected from children, including information about family finances, would be maintained anonymously. The seal program only covered the Microsoft web site and, therefore, did not apply to privacy breaches involving its software.

• M.C. Keck, "Article: Cookies, The Constitution, and The Common Law: A Framework For The Right Of Privacy On The Internet" (2002) 13 Alb. L.J. Sci. __ Tech. 83

Location: Online, Lexis-Nexis

The advent of the information age has created new mediums to access the flow of personal information that endanger both the privacy and dignity of our well-ordered society. However, if a user submits personal information to a website, the third-party can then begin to create a personally identifiable profile of the user. These [Court decisions] and other references to the right of privacy, particularly as a protection against various types of governmental interference and the compilation of elaborate written or computerized dossiers, may give rise to the expansion of the four forms of tort liability for invasion of privacy listed in this Section or the establishment of new forms. In the Shibley case, long before the advent of the commercial Internet, the court in 1975 focused on the fact that the Ohio legislature allowed the sale of the names and addresses of registrants of motor vehicles finding that, "defendants' activity does not constitute an invasion of privacy is indicated by the fact that the Ohio legislature has enacted R.C. 4503.26 permitting the sale of names and addresses of registrants of motor vehicles. ... While judicial creation is appropriate in most states, especially those that have judicially recognized the invasion of privacy torts, Appendix A presents a sample statute that could be enacted to statutorily create an information privacy tort.

• J.M. Blank, ‘"Safe Harbor" And The European Union's Directive On Data Protection' (2000) 11 Alb. L.J. Sci. __ Tech. 57

Location: Online, Lexis-Nexis

Consumers should be given notice of an entity's information practices before any personal information is collected from them. While the scope and content of notice will depend on the entity's substantive information practices, notice of some or all of the following have been recognized as essential to ensuring that consumers are properly informed before divulging personal information: ... The surveys included a set of content analysis questions which more closely scrutinized how well the privacy disclosure implemented each of the four main principles of fair information practices: Notice, Choice, Access, and Security. ... The 2000 Report discussed in detail the content analysis questions pertaining to each of the fair information practice principles, Notice, Choice, Access and Security.

• J. McDonnell, "Exporting Trust: Does E-Commerce Need a Canadian Privacy Seal of Approval?" (2001) 39 Alberta L. Rev. 346

Location: Online, Lexis-Nexis

It has been suggested that Canada should develop a consumer protection seal, or trustmark, for placement on web sites as an assurance that privacy is not at risk in the on-line environment. This article explores whether a Canadian trustmark would be redundant in light of the Personal Information Protection and Electronic Documents Act.

Consumers are sceptical about surrendering personal information online when it can so easily be collected, used, and disclosed for purposes beyond their control. Data protection laws have been around since the early 1970s, but the Internet's mass acceptance has added new urgency to their development and spread.

The author contrasts the protection offered by the Act with the policies of three high-profile trustmark programs to better understand where the legislative and self-regulatory approaches merge and diverge. He makes a proposal for a Canadian trustmark that uses the federal law as a starting point, but, at the same time, embraces more consumer-oriented and Internet-aware policies. Bringing this program to the international stage would be a priority because there is little point in restricting such an effort to one country.

• S. Karas, "Privacy, Identity, Databases" (2002) 52 Am. U.L. Rev. 393

Location: Online, Lexis-Nexis

The past several decades have been characterized by a growing concern over consumer privacy. It develops a legal definition of privacy that encompasses both the cultural meaning of consumer data collection and the established principles of privacy law. Since these choices are an expression of personal identity, we can effectively employ the principles of privacy law to control the collection and sale of consumer information. While most legal scholars rely on models of informational privacy that poorly fit the context of consumer information collection, this Article proposes a new model for protecting consumer information, incorporating both the cultural meaning of data collection and the basic principles of privacy law. Once we accept that consumption is an expressive activity, building a theoretical framework for protection of consumer privacy becomes a more intellectually coherent enterprise. Would Warren or Brandeis have gotten so exercised over the right to protect one's preferences in breakfast cereal? Because of this deficiency, a new rationale for protecting consumer data must be developed to address the public's concern that data collection represents a serious privacy invasion. "By focusing on the property characteristics of personal information, privacy scholars may construct sophisticated economic models but miss this gut reaction to data collection." 

• W.T. Devries, "Protecting Privacy in the Digital Age" (2003) 18 Berkeley Tech. L.J. 283

Location: Online, Lexis-Nexis

"You have zero privacy anyway ... Get over it." With this proclamation, Scott McNealy, founder of Sun Microsystems, anchored the radical edge of the privacy debate for the digital world. He viewed it as a foregone conclusion that, in the information age, any "secret" thing committed to digital form was subject to instant and inevitable distribution. But while digital technology has drastically changed the privacy landscape, reports of the death of privacy have been greatly exaggerated.

• I. Goldberg, A. Hill, and A. Shostack, "Trust, Ethics and Privacy" (2001) 81 B.U.L. Rev. 407

Location: Online, Lexis-Nexis

... As more and more people and businesses communicate and transact on the Internet, concern has grown over what "going online" means to privacy. ... An entirely different sense of the word is captured in Amazon.com's privacy policy: "Amazon.com knows that you care how information about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly. ... In addition, consumers tend to visit a large number of web sites, each with a unique privacy policy. ... Nearly every site now has a privacy policy, and most start with the words "Your privacy is important to us. ... These practices are sometimes enacted into laws, and the content of what constitutes fair information practices continues to evolve. ... There is no notification or privacy policy posted on EZPass's homepage. ... Amazon.com was one of the first e-tailers to consider issues of privacy in a prominent way. They issued a privacy policy with quite a few promises in it. It is unclear whether this elaborate privacy policy helped their phenomenal rise. More recently, Amazon.com issued a new privacy policy that removed some of those protections. ... This situation is analogous to the situation that exists on the Internet.

• L.E. Ribstein, "Law v. Trust" (2001) 81 B.U.L. Rev. 553

Location: Online, Lexis-Nexis

Trust is a kind of social glue that allows people to interact at low transaction costs. ... As discussed below in Part II, law is irrelevant to the socially valuable, or strong form, trust. ... II. Law and Strong Form Trust ... In this model, regulation might "seed" relationships that ultimately develop into strong form trust. ... Semi-strong form trust is particularly important in firms. ... David Kreps' theory of corporate culture is an example of semi-strong form trust in firms. ... The court held that Salmon breached his fiduciary duty to Meinhard, describing this duty in memorably strong and colourful language. ... Reputation and Other Semi-Strong Form Trust ... Regulation cannot create strong form trust on the Internet anymore than in other areas. ... Legal regulation also interferes with the role of private organizations in internalizing some of the costs of creating social capital that underlies strong form trust on the Internet. ... Strong form trust provided by altruism, norms, personal relationship, and social capital, and semi-strong trust that permits reliance on private ordering, may be useful policy goals because these forms of trust decrease friction and thereby increase social wealth. ...

• H. Nissenbaum, "Securing trust online: Wisdom or Oxymoron?" (2001)  81 B.U.L. Rev. 635

Location: Online, Lexis-Nexis

This essay is about trust in the online world. ... Rather, it is an attempt to show that the way we stipulate the conditions of the online world may be decisive for whether or not trust is achieved. ... The value of trust for a robust online world is obvious. Trust is a key to the promise the online world holds for great and diverse benefits to humanity - its potential to enhance community, enliven politics, hasten scientific discovery, energize commerce, and more. ... Trust would invigorate the online world; suspicion and insecurity would sap its vibrancy and vitality. ... Following others, I use the term "confidence" to refer to trust in systems, recognizing that trust in the online world begins with confidence in systems, but does not end there. ... Returning to the online world, we would expect that trust here holds a key to similar good ends: improving the quality of personal experiences, relationships, and communal and civic life, and stabilizing governance. We can expect that more people and institutions will "buy in" to the online world, will engage with others online, if there is sufficient trust.

• S. Byers, "The Internet: Privacy Lost, Identities Stolen" (2001) 40 Brandeis L.J. 141

Location: Online, Lexis-Nexis

Personal information changes hands constantly. ... In this section, current law will be reviewed and analyzed to determine whether it is sufficient to deal with identity theft in the Internet era. ... The Electronic Communications Privacy Act of 1986 ("ECPA") prohibits the unauthorized interception of, disclosure of, or access to "electronic communications stored in a facility involved in electronic communications services and for knowingly divulging the content of such communications while in storage. ... "And, it does not address the problems associated with the availability of personal information on the Internet. ... Again, such legislation does not sufficiently deal with the problem of the easy availability of personal information on the Internet. ... "The European Union and Canada have taken different approaches which may prove to be effective in protecting personal information on the Internet. ... The Data Privacy Directive is very comprehensive with very strict requirements, which disable information gatherers, like information brokers on the Internet, from gathering and disclosing personal information freely. ... However, as these principles are widely implemented by organizations, personal information will not be so easily accessible on the Internet and information brokers will not find their job so easy, thus, leading to a decline in identity theft.

• K. Basho, "The Licensing of Our Personal Information: Is It a Solution to Internet Privacy?" (2000) 88 Calif. L. Rev. 1507

Location: Online, Lexis-Nexis

... The increase in the private sector's collection and use of individuals' personal information raises a new threat to privacy in the electronic marketplace. ... This type of exploitation of individuals' personal information, ⁵ without their consent or knowledge, leaves many Internet users feeling as if they have no privacy. ... A licensing system would allow an Internet user (licensor) greater control over what an Internet business (licensee) does with her personal information. ... However, this Part will argue that UCITA applies to licenses of personal information and will show how it would facilitate a licensing system. ... "From this conclusion, it seems easy to assume that sending personal information over the Internet should be considered a "computer information transaction" protected by the Act. ... Fourth, the licensing system allows individuals to receive compensation for the use of their personal information. ...  

• M.J. Schlesinger and J.M. Silverman, "Insuring Privacy: Is Your Company Covered?" (2001) 8 Conn. Ins. L.J. 269

Location: Online, Lexis-Nexis

Privacy is emerging as one of the hottest cyber-tort liability issues of the new millennium. ... Invasion of privacy has been covered under CGL policies for some time under the personal and advertising injury coverage grants. ... In one recent insurance case, however, the court found that simply "telling members of the local community" private facts constituted "publication" for purposes of triggering CGL privacy coverage. ... But companies should be aware that insurers may argue that actions that precede publication, such as the improper "gathering" and use of information about a person, are insufficient to constitute a covered CGL privacy claim. ... "Further, the definition of "advertisement" has been modified to specifically include for purposes of advertising injury coverage "material placed on the Internet or on similar electronic means of communication." ... Also, importantly, the "publication" of private information is not required for privacy coverage under some new Internet forms. ... This situation also exists with respect to another insurer's media liability policy. ... Policyholders, accordingly, must be prepared to confront the insurer argument that any violation of a privacy statement that results in a claim is "intentional" and is, therefore, not covered, necessarily resulting in a fact-intensive and potentially expensive coverage dispute

• J.B. Rule, "Toward Strong Privacy: Values, Markets, Mechanisms, and Institutions" (2004) 54 UTORLJ 183

Location: Online, Westlaw-Carswell

What trend is more distinctive of our times than the dramatically changing social role of information? What social force promises more far-reaching consequences than continuing innovation in that role? Among information processes, none are more important than those involving information on specific people. For a vast array of vital social and economic activities, personal data have become an indispensable 'raw material.' For countless government and private organizations, crucial products, services, performances, and responsibilities require finely calculated use of data on the person concerned. Throughout the world's prosperous societies, it has become increasingly rare to deal with any governmental or private-sector organization without generating and relying upon a database of personal information.

• L.I. Rotman, "The Fiduciary Regulation of E-Commerce" (2004) 29 QUEENLJ 739

Location: Online, Westlaw-Carswell

Although e-commerce is a relatively new phenomenon, it has quickly entrenched itself in the contemporary commercial psyche. Its rapid expansion has created new challenges for those seeking to ensure its continued vitality while simultaneously protecting the interests of its users. The transjurisdictional nature of e-commerce increases these challenges. For the most part, e-commerce regulation has looked to traditional methods, such as legislation, international agreements, and voluntary self-regulation (including web site privacy policies and third-party web seals or trustmarks). These methods do not always pay sufficient attention to the interactive nature of e-commerce transactions, and to the fact that the central issue in e-commerce regulation is fostering user confidence in the system. The fiduciary concept is concerned with maintaining the integrity of certain important relationships in contemporary society. By focusing on the often neglected but essential human interaction component of e-commerce, the fiduciary concept could provide a valuable means of coming to grips with the problem of user confidence. This paper does not seek to demonstrate how the fiduciary concept is to be applied to any particular form of e-commercial interaction, but only to establish a conceptual basis for the application of fiduciary principles to e-commerce by fleshing out these threshold issues, leaving the task of precise application for another day.

• Prof. G.J Walters, "Digitizing Technology, Transforming Ourselves: Can We Ethically Balance Human Rights and Security?" (1999) 10 NJCL 373

Location: Online, Westlaw-Carswell

This article examines the challenges that new information technologies pose for economic, civil and political rights. It begins with a scenario of a day in the life of our surveillance society. Next, the article surveys the security and technology challenges surrounding the use of smart cards, biometric encryption, closed circuit television cameras, electronic monitoring, genetic testing, information warfare, netwar and computer crime, global surveillance and cryptography. The article argues that while regulation is vitally necessary, it is insufficient for coping with the ethical challenges of the information age. The false opposition between human rights and community must be overcome. Finally, the article proposes a new type of humanity, grounded in an ethic of mutuality, trust and transparency, as the solution.

• C. McTaggart, "A Layered Approach to Internet Legal Analysis" (2003) 48 MCGLJ 571

Location: Online, Westlaw-Carswell

The analysis of Internet legal and policy issues is aided by an understanding of the Internet's unique, layered architecture. This article proposes a conceptual model of the Internet that reflects its layered architecture. The model is offered to decision-makers, policy-makers, and legal analysts, not only as a roadmap or guide to understanding the Internet, but also as a tool for identifying Internet legal issues with the appropriate degree of granularity. Precise identification enables state and legal actors to assess the impact of policy choices in a comprehensive manner by allowing them to consider the implications of those policy choices for the Internet's various elements.

• C. Berzins, "Protecting Personal Information in Canada's Private Sector: The Price of Consensus Building" (2002) 27 QUEENLJ 609

Location: Online, Westlaw-Carswell

The recent federal statute governing collection and disclosure of personal information in the private sector, the Personal Information Protection and Electronic Document Act (PIPEDA), was met with a welcome embrace by privacy advocates. However, the author argues that PIPEDA established a weak framework in terms of oversight and enforcement, largely due to the vague, open-ended nature of the federal government's initial policy objectives, the failure to ask penetrating questions at critical steps in the policy process and the lack of empirical and comparative analysis on key issues. A number of factors, such as the government's motivation to maintain a commercially driven and "light handed" approach to this legislation, may inhibit PIPEDA from fostering privacy protection to the standards set out by the international community. The complaint-driven approach to privacy protection will likely result in a narrow and reactive approach to privacy, characterized by a slow and costly complaint process that invites delay from parties who are reluctant to comply with the legislation. In its place, the author proposes an alternative model that would include an expert privacy tribunal with binding adjudicatory powers and substantive rulemaking authority. The author suggests that the extensive privacy foundation established by voluntary code building and the consensus-driven Canada Standards Association Model Code will mitigate the serious weaknesses in the federal legislation.

­­­­­­­­­­­­_________________________

Feel free to direct questions and comments on the above annotated bibliography to Patrick Okecho, LLM [pokecho@utoronto.ca]