The last few months have been a tough time for internet security.
We’ve learned that a major computer manufacturer was found last week to be shipping laptops with malware and fake root certificates, compromising the secure communications of its customers.
For example, if they work for a law firm, then the Canadian Bar Association Code of Professional Conduct includes this section:
Maintaining Information in Confidence
1. The lawyer has a duty to hold in strict confidence all information concerning the business and affairs of the client acquired in the course of the professional relationship, and shall not divulge any such information except as expressly or impliedly authorized by the client, required by law or otherwise required by this Code.
If you work for a company with a presence in Europe, you are bound by EU data legislation, which includes:
“Everyone has the right to the protection of personal data.”
Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose. Furthermore, persons or organisations which collect and manage your personal information must protect it from misuse and must respect certain rights of the data owners which are guaranteed by EU law.
In my career, I’ve often found myself working with health care data, and thus come under the jurisdiction of Ontario’s Personal Health Information Protection Act, which among other things states:
12. (1) A health information custodian shall take steps that are reasonable in the circumstances to ensure that personal health information in the custodian’s custody or control is protected against theft, loss and unauthorized use or disclosure and to ensure that the records containing the information are protected against unauthorized copying, modification or disposal.
“A. Protecting Customer Information
Customer information must be kept private and confidential.”
“C. Protecting TD Information
We must carefully protect the confidential and proprietary information to which we have access, and not disclose it to anyone outside of TD or use it without proper authorization, and then only for the proper performance of our duties.”