Privacy paranoia may be pragmatic...

By Rachel H Roy

Since his inauguration less than a month ago, President Donald Trump and his executive orders have been a frequent topic of conversation online and in our office.

One of Trump’s lesser-publicized executive orders, issued January 25, 2017, stated:

Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.

This may significantly impact the Department of Homeland Security's 2007 policy that extends certain U.S. Privacy Act protections to non-U.S. persons.

Being a self-proclaimed privacy nerd, I immediately wrote to the Office of the Privacy Commissioner of Canada to express my concerns, given the amount of personal information that Canadian agencies routinely provide to U.S. agencies.

This afternoon, I received the following response from the Office of the Privacy Commissioner of Canada:

You asked about U.S. President Trump’s executive order and its impact on the privacy of Canadians. I can tell you that we are actively examining the potential implications for Canadians. There are several legal instruments in the US which affect the privacy rights of foreigners, and we are considering those as part of our analysis.

We are eagerly awaiting the OIPC’s analysis and recommendations.

On the topic of privacy and our southern border, I recall coming across the following practice management tip from the Law Society of British Columbia in my early days as a lawyer:

If you are travelling outside Canada in such places as the US, the UK, Singapore and Malaysia, border officials may legally demand to examine the contents of any encrypted electronic device. In these circumstances, lawyers are well advised to carry a “clean” laptop — equipped with software to reach the office network remotely via a secure link, but containing no other information. The lawyer can link to the home office via the secure link as required, storing all work on the home office servers and saving nothing on the laptop. In this way, if the laptop is inspected by the authorities or stolen, no confidential information is compromised.

The Law Society circulated this advice back in 2008. Some may have viewed this as overkill at the time. Attitudes have likely changed since then, especially in light of recent developments  in the U.S., including reports that social media passwords may be requested and that even a NASA official has had to provide the password for a work device in order to cross the border.

Coupled with the trend towards using multiple personal devices to access work-related information, now more than ever, lawyers and others need to be hyper-aware and pro-active about privacy and protecting confidential information before heading to the U.S.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.