Earlier this week AT&T; announced changes to its statement of its privacy policy, driven by its response to lawsuits over the handover of customer records to US law enforcement agencies.
The new policy states that customer information constitute:
business records that are owned by AT&T.; As such, AT&T; may disclose such records to protect its legitimate business interests, safeguard others, or respond to legal process.
It is unclear how this position would hold in Canada where the CRTC and Federal Privacy Commissioner both have views on who owns customer information. In the latest annual report of the Privacy Commissioner, we find:
It is perhaps appropriate to remind everyone that once data is outside of Canada, the ultimate control of it rests in the hands of the authorities in that state.
Such realities have implications for AT&T; customers in Canada. Will the CRTC look at this issue and will it lead to conditions on the licensing of international carriers?