Canadian privacy law

Canadian privacy law is derived from the common law, statutes of the Parliament of Canada and the various provincial legislatures, and the Canadian Charter of Rights and Freedoms.

Evolution of Canadian privacy statutes

Canadian privacy law has evolved over time into what it is today. The first instance of a formal law came when, in 1977, the Canadian government introduced data protection provisions into the Canadian Human Rights Act.^[1] In 1982, the Canadian Charter of Rights and Freedoms outlined that everyone has "the right to life, liberty and security of the person" and "the right to be free from unreasonable search or seizure",^[2] but did not directly mention the concept of privacy. In 1983, the federal Privacy Act regulated how federal government collects, uses and discloses personal information. Throughout the late 1990s and 2000s, privacy legislation placed restrictions on the collection, use and disclosure of information by provincial and territorial governments and by companies and institutions in the private sector.

Governing relations with public sector institutions

Privacy Act

Main articles: Privacy Act (Canada) and Privacy Commissioner of Canada

The Privacy Act, passed in 1983^[3] by the Parliament of Canada, regulates how federal government institutions collect, use and disclose personal information. It also provides individuals with a right of access to information held about them by the federal government, and a right to request correction of any erroneous information.^[4]

The Act established the office of the Privacy Commissioner of Canada, who is an Officer of Parliament. The responsibilities of the Privacy Commissioner includes supervising the application of the Act itself.

Under the Act, the Privacy Commissioner has powers to audit federal government institutions to ensure their compliance with the act, and is obliged to investigate complaints by individuals about breaches of the act. The Act and its equivalent legislation in most provinces are the expression of internationally accepted principles known as "fair information practices." As a last resort, the Privacy Commissioner of Canada does have the "power of embarrassment", which can be used in the hopes that the party being embarrassed will rectify the problem under public scrutiny^[5]

Although the office of the commissioner has no mandate to conduct extensive research and education under the current Privacy Act, the Commissioner believed that he had become a leading educator in Canada on the issue of privacy.^[6]

Access to Information Act

Main article: Access to Information Act

The next major change to the Canadian privacy laws came in 1985 in the form of the Access to Information Act. The main purposes of the Act were to provide citizens with the right of access to information under the control of governmental institutions. The Act limits access to personal information under specific circumstances.^[7]

Freedom of Information Act

The Freedom of Information Act was enacted in 1996, and expanded upon the principles of the Privacy Act and Access to Information Act. It was designed to make governmental institutions more accountable to the public, and to protect individual privacy by giving the public right of access to records, as well as giving individuals right of access to and a right to request correction of personal information about themselves. It also specifies limits to the rights of access given to individuals, prevents the unauthorized collection, use or disclosure of personal information by public bodies, and redefines the role of the Privacy Commissioner of Canada.^[8]

Extension to private sector organizations

Federal

Main article: Personal Information Protection and Electronic Documents Act

The Personal Information Protection and Electronic Documents Act ("PIPEDA") governs the topic of data privacy, and how private-sector companies can collect, use and disclose personal information. The Act also contains various provisions to facilitate the use of electronic documents. PIPEDA was passed in the late 1990s to promote consumer trust in electronic commerce, as well as was intended to assure other governments that Canadian privacy laws were strong enough to protect the personal information of citizens of other nationalities.

PIPEDA includes and creates provisions of the Canadian Standards Association's Model Code for the Protection of Personal Information, developed in 1995. Like any privacy protection act, the individual must be informed of information that may be disclosed, whereby consent is given. This may be done through accepting terms, signing a document or verbal communication.

In PIPEDA, "Personal Information" is specified as information about an identifiable individual, that does not include the name, title or business address or telephone number of an employee of an organization.^[9]

Provinces

PIPEDA allows for similar provincial laws to continue to be in effect. Quebec, British Columbia and Alberta have subsequently been determined to have similar legislation, and laws governing personal health information only, in Ontario and New Brunswick, have received similar recognition. They all govern:

What personal information can be collected from individuals (including customers, clients and employees);
When consent is required to collect personal information and how consent is obtained;
What notice must be provided before personal information is collected, and
How personal information may be used or disclosed;
The purposes for which personal information may be collected, used or disclosed by the organization;
How an individual may get access to and request correction of his or her personal information held by the organization.

The provincial Acts that have been so recognized, and agencies responsible, are as follows:

Province	Act	Federal recognition	Provincial regulator
British Columbia	Personal Information Protection Act	Organizations in the Province of British Columbia Exemption Order, SOR/2004-220	Office of the Information and Privacy Commissioner
Nova Scotia	Personal Information Protection Act, S.B.C. 2003, c. 63		The Nova Scotia Freedom of Information and Protection of Privacy review office
Alberta	Personal Information Protection Act, S.A. 2003, c. P-6.5	Organizations in the Province of Alberta Exemption Order, SOR/2004-219	Office of the Information and Privacy Commissioner
Ontario	Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Schedule A,	Health Information Custodians in the Province of Ontario Exemption Order, SOR/2005-399	Office of the Information and Privacy Commissioner of Ontario
Quebec	An Act respecting the protection of personal information in the private sector, R.S.Q., c. P-39.1	Organizations in the Province of Quebec Exemption Order, SOR/2003-374	Commission d’accès à l’information
New Brunswick	Personal Health Information Privacy and Access Act, S.N.B. 2009, c. P-7.05	Personal Health Information Custodians in New Brunswick Exemption Order, SOR/2011-265	Office of the Access to Information and Privacy Commissioner

Development of personal privacy rights

Provincial statutes

The Civil Code of Quebec contains provisions governing privacy rights that can be enforced in the courts.^[10] In addition, the following provinces have passed similar statutes:

British Columbia^[11]
Saskatchewan^[12]
Manitoba^[13]
Newfoundland and Labrador^[14]

All four Acts establish a limited right of action, whereby liability will only be found if the defendant acts wilfully (not a requirement in Manitoba) and without a claim of right. Moreover, the nature and degree of the plaintiff‟s privacy entitlement is circumscribed by what is “reasonable in the circumstances”.

Evolution of the common law

In January 2012, the Ontario Court of Appeal declared that the common law in Canada recognizes a right to personal privacy, more specifically identified as a "tort of intrusion upon seclusion",^[15] as well as considering that appropriation of personality is already recognized as a tort in Ontario law.^[16] The ramifications of this decision are just beginning to be discussed.^[17]^[18]

Notes and references

↑ http://www.privcom.gc.ca/speech/archive/02_05_a_000128_e.asp
↑ http://laws.justice.gc.ca/en/charter/#libertes
↑ http://www.priv.gc.ca/fs-fi/02_05_d_15_e.cfm Privacy Act
↑ http://www.privcom.gc.ca/speech/archive/02_05_a_000128_e.asp
↑ http://www.privcom.gc.ca/speech/archive/02_05_a_000128_e.asp
↑ http://www.privcom.gc.ca/speech/archive/02_05_a_000128_e.asp
↑ http://laws.justice.gc.ca/en/A-1/index.html
↑ http://www.qp.gov.bc.ca/statreg/stat/f/96165_01.htm
↑ http://www.privcom.gc.ca/legislation/02_06_01_01_e.asp#002
↑ CCQ, ss. 3 and 35-37, as well as s. 5 of the Charter of Human Rights and Freedoms, R.S.Q. c. C-12
↑ Privacy Act, R.S.B.C. 1996 c. 373
↑ Privacy Act, R.S.S. 1978, c. P-24
↑ Privacy Act, R.S.M. 1987 c.P125
↑ Privacy Act, R.S.N. 1990, c.P-22
↑ Jones v. Tsige, 2012 ONCA 32, 2012-01-18
↑ Cathy Beagan Flood; Iris Fischer; Nicole Henderson; Pei Li. "Ontario Court of Appeal Recognizes New Privacy Tort". Blake, Cassels & Graydon. Retrieved 2012-02-03.
↑ Rob Barrass; Lyndsay A. Wasser (2012-01). "seclusion intrusion: a common law tort for invasion of privacy". McMillan LLP. Retrieved 2012-01-19. Check date values in: |date= (help)
↑ Kirk Makin (2012-01-19). "Ontario court paves way for victims of privacy intrusion to sue snoopers". Globe and Mail. Retrieved 2012-01-20.

Privacy

Principles	Expectation of privacy Right to privacy

Privacy laws	Australia Canada Denmark England European Union Ghana Switzerland New Zealand USA

Data protection authorities	Australia Denmark European Union (working group) France Germany Ireland Isle of Man Norway Spain Sweden Switzerland United Kingdom

Areas	Consumer Medical Workplace

Information privacy	Law Financial Internet Political Personally identifiable information (Personal identifiers) Privacy-enhancing technologies Social networking services

Advocacy organizations	American Civil Liberties Union Center for Democracy and Technology Computer Professionals for Social Responsibility Future of Privacy Forum Electronic Privacy Information Center Electronic Frontier Foundation Global Network Initiative Privacy International Privacy Rights Clearinghouse

See also	Anonymity Cellphone surveillance Cyberstalking Data security Privacy engineering Human rights Identity theft Panopticon Personality rights Search warrant Surveillance en masse state global

This article is issued from Wikipedia - version of the 9/19/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.