By: Bashir Fancy, I.S.P. (ret.), CEO & Chair, CIPS National
CIPS Speaks to Federal Privacy Commissioner:
Based on the submission of our whitepaper in July 2016 see http://www.cips.ca/papers, CIPS was invited to a meeting with the Federal Privacy Commissioner, as well as his Provincial counterparts to discuss the themes that they picked out of the various submissions. Discussions centered around two major issues. Firstly:
a. “Implied Consent” – Legal Counsels/Compliance Officers from General Motors, Xerox and a couple of other Corporations argued that if an individual has consented to something with that Organization, it was a perpetual one and those Corporations could use it for anything and everything. On behalf of CIPS, I presented a counterargument citing real examples. The CIPS position received support from the participants, but more importantly from Daniel Therrien, the Federal Privacy Commissioner.
b. The second issue was whether Corporations should be allowed to self-regulate and how would penalties be applied, given that very few organizations have been charged so far. This issue identified that the Federal Privacy Commissioner did not have sufficient powers. Corporations felt that self-regulation was sufficient and the Federal Privacy Commissioner did not need any more powers. CIPS argued that self-regulation does not work and cited many examples. I personally provided the actual challenges I had encountered during the PCI-DSS role out at Visa and provided examples which the Commissioner found very interesting. Read More →