Beware of your "frenemies!"

Frenemies a big threat to your privacy
By BRIAN BOWMAN, For the Winnipeg Sun
Monday, October 18, 2010

Who is the biggest threat to your privacy?

Government bodies? No. Businesses? Nope. How about your supposed friends, or “frenemies?” Absolutely.

No one knows more detailed personal information about you than your Facebook friends. So do we need new privacy laws to protect you from violations perpetrated by other individuals?

Sure, some government bodies fail to meet their privacy obligations. Veteran Affairs Canada is one recent example.

Some corporations drop the ball on privacy, too. Recall the Winners/HomeSense data breach.

But increasingly we see cases where people have had their privacy invaded by supposed friends.

A few weeks ago, we learned an 18-year-old from New Jersey jumped off the George Washington Bridge after he learned his university roommate had streamed a sexual encounter he had with another male student online without his knowledge.

Last month, a 16-year-old girl from Vancouver was reportedly gang raped by a group of seven males. Images of the assault were posted on Facebook.

These are extreme examples where an individual’s privacy was violated by another individual, as opposed to a government body or a corporation.

We have laws to protect your privacy in respect of public sector government bodies as well as private sector businesses. But there arguably remains a missing link in the chain of privacy laws to protect you from violations perpetrated by other individuals.

If you have a privacy complaint against a government body or a business, you can contact the appropriate privacy commissioner.

However, in most cases if you want to initiate a formal privacy complaint against another individual, a privacy commissioner won’t be able to help.

Depending on the severity of the violation, you could consider suing the other person. But most people who have suffered a privacy violation don’t want to further air the matter in a public court.

After new technologies arise, we often, and eventually, see laws introduced to regulate certain activities. New rules to prohibit texting while driving is a case in point. Ten years ago, who would have thought that such rules would be necessary?

Social networking is not a bad thing. But the manner in which a small segment of the population is using the technology will increasingly put pressure on politicians to “do something.” It is only a matter of time before the masses begin calling for privacy rules to better protect you from having your privacy violated by other individuals.

My fear is rules will be introduced in haste and in response to a widely reported and repugnant privacy violation. Are such rules necessary? Would they even work?

The biggest hurdle is enforcement and oversight. How would a privacy commissioner deal with the volume of complaints that would likely arise from such rules? And what powers should a privacy commissioner have to deal with complaints?

These are difficult questions. Which is why the time has come for a serious debate on whether the status quo is sufficient or whether, in fact, privacy rules are required to help regulate the real privacy risks that exist between individuals. What do you think?

Brian Bowman is a partner with the law firm of Pitblado LLP. He is a nationally recognized leader in privacy and access to information law who writes a blog @ brianbowman.ca.