The Office of the Privacy Commissioner of Canada has just released the first results of their investigation into online privacy policies, as part of the Global Privacy Enforcement Network Internet Privacy Sweep, whatever the hell that is. The OPC found some interesting stuff. As they say in their blog post, the good, the bad, and the ugly. Major Canadian corporations with crappy privacy policies? Well obviously they need to hire a decent internet lawyer. (call me!)
The OPC examined over 300 privacy policies of a bunch of Canadian corporations. This report is only preliminary, but I guess they felt the need to shame some people into doing a better job as soon as possible. Because as I am sure I have written before, the OPC can’t do much else than shame. Not their fault, really, it’s PIPEDA that’s toothless. But I digress, as usual.
First, the OPC actually praised some companies. Tim Hortons was singled out as a good having a good policy. Would you expect anything less from Canada’s coffee maker? My favourite praise though, is for IKEA Canada. The OPC likes IKEA’s policy because it also mentions offline privacy info. Specifically this bit:
For security, safety and liability purposes, we use CCTV cameras in our stores and adjoining areas such as parking lots… By visiting a store, you consent to our use of such cameras and the recording of your information.
So we’re filming you, but it’s cool because we’re telling you!
OK good policies are boring, let’s go to the bad. Privacy Commissioner Jennifer Stoddart said this:
Well c’mon, we all communicate in 140 characters or less now. 110 words is verbose! Well, maybe not for lawyers. The fast food chain turns out to be A&W. I would say boycott A&W, but who doesn’t love a Teen Burger and root beer? And those onion rings? YUM. And after some digging, I looked at A&W’s policy, and it seems they have added to it. By my count (well, MS Word’s), the policy now has 1595 words. So maybe the OPC shame has worked.
OK so we’ve buried the lede here. The OPC has reserved some shame for Bell Canada. They state in their blog post:
And that e-mail address is….?
Well, we couldn’t find it.
Hehehe, good one, Bell! Making it impossible for people to reach you? That’s some kind of irony.
- Bell’s lawyers forgot to update the date when they were shamed by the OPC, which I doubt considering Bell’s lawyers probably bill at $1000 / hour, or
- The OPC employees doing the study have some browser plug-in that strips out links, making their whole study dubious at best.
- Clearly and explicitly state what personal info is collected;
- Clearly and explicitly state what the company does with that personal info; and
- Have good contact info for website visitors if they want more information or have privacy concerns.
I could have told them that in two minutes.