A lawyer with the City of Ottawa was active in community activities, and with permission of his employer spent some time on those activities at the office. His email to and from one of the charities became the subject of an access to information request under the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA). He resisted disclosure of the emails on the ground that they had nothing to do with government business, the disclosure of which was the purpose of the Act.

The Information and Privacy Commissioner held in April 2009 that the emails must be disclosed: . . . [more]

Welcome new columnists Simon, Robert, Lewis … and new Twitter followers Kathryn, Dana, Steven, Tiffany, Paul, along with dozens of others.

The Florida Bar Association has recently published a professional ethics opinion on the duty of lawyers to ‘sanitize’, i.e. erase the memory of, storage media such as printers, copiers, scanners and fax machines.

The opinion explains why such devices even have memories; some of the older among us may not think of them as that smart! It also notes a duty to supervise staff whose job it may be to clear out the memories of these devices before the devices are returned to lessors, or sold, or even just scrapped.

I see that the Law Society of Upper Canada’s ‘technology’ . . . [more]

The Federal Trade Commission in the US published – as part of a much larger report on privacy – a fascinating chart on the various routes that various kinds of personal information take from the individual to end users of all kinds.

There is a note on the website of the Centre for Democracy and Technology about the chart.

 
The chart itself is in PDF.

There is a lot of information on the chart, so you will have to blow it up at least to double size to see it clearly (if your eyes are no better than mine…). It . . . [more]

A court in Illinois has recently held that showing a credit card number on a computer screen did not constitute printing that number: Kelleher v. Eaglerider, Inc., 2010 WL 4684037 (N.D.Ill., Nov. 10 2010). Internet Cases has the story.

The Fair and Accurate Credit Transactions Act of 2003 [PDF] (FACTA) says that a merchant must not print out a receipt with more than the last five digits of a credit card number. Someone who did a transaction saw his full number on the screen, and sued for damages for breach of the statute. He lost.

In my view, I’m . . . [more]

A recent English court case, Football Dataco Ltd et al. v Sportradar GmbH [2010] EWHC 2911 (Ch), has held that at least for some purposes, the jurisdiction of a court over Internet content should be based on where the server was located, and not where the information online was read or used.

This seems to me to be half right. Jurisdiction should not be based on where the information was read or received, unless there is some separate activity going on there. But the location of the server should be irrelevant too. It is the location of the business . . . [more]

An American magistrate judge (sort of like a master) has ruled that a plaintiff suing a company for improperly sending a takedown notice under the DMCA has waived a number of heads of attorney-client
privilege by discussing the details of her legal case too broadly by email and on a blog (Eric Goldman blog (per Venkat))

So it’s not just lawyers who have to worry about waiving privilege – the clients can do so too. It’s not that the media of communications were insecure in themselves, it’s that they left traces that could be
found (not surprising, for . . . [more]

1. Following the example of the UN Model Law on Electronic Commerce, the UN E-Communications Convention [PDF] contains a provision on when electronic messages are received. They are received when they are capable of being retrieved by the addressee at an electronic address designated by the addressee. (Article 10) An electronic message is presumed to be capable of being retrieved by the addressee when it reaches the addressee’s electronic address.

The explanatory note to the Convention explains at para 180 that this presumption of retrievability may be rebutted, for example, if the security filters of the addressee’s system prevent the . . . [more]

The Uniform Arbitration Act (1990), in force in six provinces (and passed years ago in PEI but never proclaimed in force), sets out what were then modern rules for the conduct of arbitrations, with powers of arbitrators spelled out in default of agreement by the parties, and with restrictions on court intervention in the proceedings, as well as enforcement provisions. So far as I know, it works fairly well. (Ontario had a bit of controversy a few years ago about its application to family arbitrations conducted under religious law, and the statute was amended to better harmonize with family law . . . [more]

Is anybody – any international body – studying the legal basis for jurisdiction over personal information as it crosses national borders, or considering the law that should be applicable to such PI?

This could be thought of as ‘law applicable to the cloud’ in these days of cloud computing, though I don’t think it’s limited to that.

The Hague Conference on Private International Law in April 2010 noted [PDF p.18] as an ‘additional subject’ for work, more I think in the lines of a watching brief:

The Council invited the Permanent Bureau to continue to follow developments in the following

. . . [more]

Some email programs automatically delete old emails after a fixed time. Most come with a function that allows the owner of the system to set up a time after which old emails are automatically deleted (unless they have been moved to particular storage folders, probably). This function seems useful to avoid clutter. It’s like a record destruction schedule.

Is there a standard time at which such auto-delete functions should be set, or should there be? What’s a safe time, legally as well as practically? It is clear enough that without such a function, some people (most?) would never get around . . . [more]

Readers will notice that we’ve added a small new feature to Slaw. Down at the bottom of entries, at the end of the after-post line that invites you to “Share,” you’ll see this: . . . [more]