Tuesday, October 20, 2009

PIPA passes


Right, the rest of the conference. So, this was the 4th time it's been held, alternating between Alberta and BC, the two provinces with the Personal Information and Privacy Act (pronounced like Pippa, for all you Robert Browning fans). A piece of luck that it was in Vancouver so soon after I offered to be Privacy Officer.

Three academic speakers:
Ian Kerr on 'Robot Law is Taking Over: privacy in the age of automation';
Jesse Hirsh on 'Finding the Missing Pieces: why solving the privacy puzzle is a lot more difficult than we think';
Hal Niedzviecki on 'Privacy in the Age of Peep: why we don't care about our privacy--and need it more than ever.'
All three were lively and engaging speakers on the intersection of privacy and technology, from fairly different viewpoints.
Last was a talk by a law firm on legal decisions and cases in the past year. This was more interesting than I expected, but difficult to make notes on because of the assumption that the audience already knew most of the cases. (It could also be that I'm a lot more used to making notes from academic lectures than from legal cases and don't know what to listen for.)

Five breakout sessions: I went for option A in each case, because that seemed to be the employee / employer stream.
Balancing an employer's right to medical information with an employee's right to privacy. This is a pretty hot topic presently, so I took extensive notes. The particularly fraught issue seemed to be that the employer was not entitled to know the actual diagnosis--but was entitled to know enough about the diagnosis to themselves evaluate return-to-work conditions, and that got very grey. I could see that slipping into the employer disregarding what the doctor said because of a perception that doctors were just parroting employees, or else demanding so many specifics that they might as well be gven the diagnosis. The speaker came very close to paternalism at times, but didn't quite slip over.
Everything you wanted to know about employment privacy but were afraid to ask. As you can maybe guess from the rather coy (and dated) title, this presentation spent a bit too much time on its cute scenarios and not enough time exploring the issues involved in those scenarios. The attempt to engage the audience with a little storytelling was well-intentioned, though. The takeaway was that tech geeks will want to use tech, and privacy geeks will interpret all possible situations as privacy-related, so everyone needs to step back.
Privacy and working offsite. This was after lunch, and not as hot a topic for me, so not so many notes. But a quite good presentation, with lots of anecdotes--the biggest risk seems to be to physical records being left in cars or on porches (printouts tucked into a car bra is a favourite) with the groceries, and electronic transmission being much safer.
Emerging technologies and employee surveillance. Some of this tied back to the employment privacy talk, and the issues of what employees will accept as reasonable (reasonable is the Word in PIPA, being in pretty well every clause, sometimes twice) and what will raise resentment.
Building a culture of privacy. This was very specific, tied right in to what a particular lab did to make security of personal information a routine, built in to even the office and exam rooms layout--whether computer screens were visible to passers-by, whether the photocopier could be monitored, what went in the shredder automatically and what was safe to go into the recycle unshredded. Pretty interesting, and they looked to have done a good job of making the employees feel part of the process, rather than being suspected as weak links.

The slant generally was from the employer's side, but one becomes used to adjusting for that. In one session the speaker asked how many present were a)employers, b)legislators, c)union. Only two union members in the room. I was one, and I'm pretty sure the other was the same union person I'd talked to the first morning.
A fellow from Translink that I was chatting with at the reception said it was about time the unions started to consider privacy issues (have to admit, I don't see myself as representative of The Unions as a whole), and when I was talking to the Verney Conference guys on the second day about the employer-slant, they seemed interested in expanding the union side and introducing union-specific topics.

Continental breakfast was, yes, included, and a lunch. The lunch was good both days, being somewhat-fancy pizza (3 kinds) on Sunday, and they set up three serving stands so the lineups were manageable. Desserts, too--I only got the carrot cake (not my fave) on Saturday, but Sunday was tiramisu and rice krispie rectangles. Also many different party snacks the first evening, during the reception.
I ended up way too caffeinated from all the tea and coffee. Chatting with the Verney guys I found out how much some of those refreshments cost, which caused me some palpitations (I already have strong constraints about wasting food.), hearing that a can of pop costs $5, and one of those juice pitchers $35. I shudder to think what my two slices of melon and croissant cost.
Bearing in mind that it wasn't just a pitcher of juice, it was a pitcher of juice poured and served by several people in black & red vests, and removed and washed afterwards. (Query to self: is the Hyatt Regency a union workplace?) And on the 3d floor of a downtown building that has to be heated and lit and cleaned and maintained and taxed.
The first go-round of coffee and tea was poured for you by the vest-clad staff, perhaps to reduce the risk of attendees scalding themselves, but after the first rush presumably the thermoses had cooled and the risk was reduced enough that one could wander out and get one's own drinks.

Oh yes, and loot, were you wondering about loot?
The conference bag was a black wine-bag (the kind with four pockets in the corners to hold bottles upright. A notebook with the conference info on the cover. A schedule booklet of course. 3 pens, one for the conference, one for Verney Conference Management, one for the sponsoring law firm of Borden Ladner Gervais. A notepad titled 'Managing My Information'.
Sunday we were encouraged to take the extras home with us, so I have 4 wine bags, 4 notebooks (my weakness) and 8-10 of each kind of pen.

Info tables--the best was the federal Privacy Commissioner, which had calendars and postcards with cartoons, as well as a bunch of infosheets and booklets. Would you have associated the Office of the Privacy Commissioner of Canada / Commissariat a la protection de la vie privee du Canada with rather cheeky cartoons? Because I wouldn't have, previously.
Oh, I also got a spiffy black bag with the slogan 'If you can't protect it, don't collect it', unfortunately not as snappy in French as 'Si vous ne pouvez pas les proteger, ne les recueillez pas'.

About 200 attendees, down about 20 from last year (I heard). Black was definitely the colour for the event, with the dais table and backdrop draped in black, black gimme bags, and black the predominant clothing colour. I think I saw one pair of grey trousers, with everyone else in black slacks or skirts, and black jackets or blazers, some black sweaters, some dark burgundy-to-cherry sweaters, white or other solid-colour shirts.

I was wearing red trousers, because I don't own any black (the cat hair shows up too easily), and because I am a union agitator mwahaha. Also was the only person wearing runners. I do have black shoes! Okay, runners that look just like black shoes, but I have to get laces for them before WFC.

No comments: