by Shaya Silber
People have great business and/or web ideas every day. Their first instinct is to contact a web developer and get their project up and running as soon as possible. However, they often overlook some of the risks that are inherent in building and operating a website. A lot of these risks, often involve a certain level of technical know-how. This concept does not occur to most people, simply because these concerns evolved relatively recently.
Types of Information Collection
How Are You Gathering Information
When building your website or business practices, you should determine how you will gather information. The key distinction here is whether information is provided voluntarily by the user, or whether it’s gathered automatically simply by virtue of visiting a website, for example.
Again you should discuss information gathering practices with your programmers, web developers and lawyers.
How are you Managing the Information
Several issues arise where a website stores the personal information of its users. Aside from the obvious security concerns, there are questions of international law that arise as well. It is becoming common practice for a website located in Canada, for example, to have its information stored on one or several servers located internationally. Most foreign jurisdictions have legislation addressing the collection and storage of personal information. These legislation may have requirements to obtain additional consent from users, among others obligations.
If the information that you collect is mismanaged, it could expose you to significant liability. Liability isn’t limited to damages that may be awarded in court. Oftentimes, the negative publicity generated by the misuse of personal information causes irreparable harm to a company/website’s reputation.
From a practical perspective, a privacy violation opens a company up to liability. Privacy violations may result in a tort action against the violator. Furthermore, it is increasingly common to see complaints lodged with the Privacy Commissioner. The Commissioner does not have the power to award damages. However, in some cases the Commission discusses remedies that may be available at the Federal Court. In most cases, courts are unwilling to award any monetary damages. However, in a recent case, the Federal Court awarded $5,000.00 to an individual who was denied a loan due to incorrect information provided by the credit bureau. This seems to indicate a new approach to privacy law in Canada. It will be interesting to see how future cases apply damages in these circumstances.