Are you worried about the privacy of your personal information? Do you hesitate to use your credit card online? Do you wonder who has access to the personal information you are required to give Canadian governments? What about Canadian banks? Just what do they do with all the information they collect about you? Who monitors the private sector? Here is a quick overview of the laws governing the collection, use and disclosure of your personal information by both governments and businesses in Canada.
Privacy and Governments in Canada
The 1983 federal Privacy Act puts limits and obligations on over 150 federal government departments and agencies on the collection, use and disclosure of personal information. It also gives Canadians the right to find out what personal information the federal government has about them by making a formal request under the Privacy Act. The Office of the Privacy Commissioner of Canada has the authority to investigate complaints.
The governments of all provinces and territories in Canada also have privacy offices and laws governing the collection, use and disclosure of personal information. The legislation varies from province to province, but the general right to access and correct personal information exists in all, and each has a commissioner or ombudsman who is authorized to handle complaints.
Privacy and the Private Sector
The Personal Information Protection and Electronic Documents Act, or PIPEDA, regulates how private sector organizations collect, use and disclose personal information in the course of business activities. PIPEDA was implemented in three stages:
- January 1, 2001 - federally regulated private sector, for example banks and international air carriers, is covered
- January 1, 2002 - personal health information collected, used or disclosed by federally regulated organizations covered.
- January 1, 2004 - covers information collected in the course of any commercial activity in any province or territory in Canada, including provincially regulated organizations. If a province has legislation substantially similar to the federal law, then that province may be exempted. At the beginning of 2004, the only province exempted from the federal PIPED Act was Quebec. Quebec businesses are not covered by PIPEDA, but must comply with the Quebec private sector privacy law.
Principles of Fair Information
PIPEDA establishes ten principles that organizations must follow when collecting, using and disclosing personal information in the course of commercial activity. These principles have been adapted from the Model Privacy Code of the Canadian Standards Association.
- identifying purpose
- limiting collection
- limiting use, disclosure and retention
- individual access
- challenging compliance
Individuals can complain to the Privacy Commissioner of Canada about violations, and the Commissioner can start his own investigation without waiting for a complaint.