Privacy Act (Canada)
The Privacy Act (French: Loi sur la protection des renseignements personnels) is Canadian federal legislation that came into effect on July 1, 1983.[1] The act sets out rules for how institutions of the Government of Canada must deal with personal information of individuals. Some salient provisions of the legislation are as follows:
- A government institution may not collect personal information unless it relates directly to an operating program or activity of the institution (section 4).
- With some exceptions, when a government institution collects an individual's personal information from the individual, it must inform the individual of the purpose for which the information is being collected (section 5(2)).
- With some exceptions, personal information under the control of a government institution may be used only for the purpose for which the information was obtained or for a use consistent with that purpose, unless the individual consents (section 7).
- With some exceptions, personal information under the control of a government institution may not be disclosed, unless the individual consents (section 8).
- Every Canadian citizen or permanent resident has the right to be given access to personal information about the individual under the control of a government institution that is reasonably retrievable by the government institution, and request correction if the information is inaccurate (section 12).
- A government institution can refuse requests for access to personal information in four cases:[2]
- The request interferes with the responsibilities of the government, such as national defence and law enforcement investigations (sections 19-25)
- The request contains the personal information of someone other than the individual who made the request (section 26).
- The request is subject to solicitor-client privilege (section 27).
- A request for an individual's own medical records can be rejected if there is no benefit to the individual in reading it (section 28).
- The Privacy Commissioner of Canada receives and investigates complaints, including complaints that an individual was denied access to his or her personal information held by a government institution (section 29).
Privacy Act | |
---|---|
Parliament of Canada | |
| |
Territorial extent | Canada |
Commenced | July 1, 1983 |
Status: Current legislation |
History
The first privacy law in Canada was enacted in 1977 in part four of the Canadian Human Rights Act by creating the Office of the Privacy Commissioner of Canada, which would be responsible for investigating privacy violation complaints by members of the public and reporting to lawmakers.[3] During the 32nd Parliament in 1983, Bill C-43 was passed.[3] This legislation created the Privacy Act and the Access to Information Act, separate from the Canadian Human Rights Act.
Case law
An individual who has been refused access to personal information may ultimately apply to the Federal Court for a review of the matter, pursuant to section 41 of the Act. The Court may order the head of the government institution to disclose the information to the individual (sections 48 and 49). Decisions of the Federal Court on such matters may be appealed to the Federal Court of Appeal, and, if leave is granted, further appealed to the Supreme Court of Canada. Some important court decision concerning the Privacy Act are:
- Canada (Information Commissioner) v. Canada (Commissioner of the Royal Canadian Mounted Police), 2003 SCC 8[4] (considering the definition of "personal information" in section 3 of the Privacy Act)
- Ruby v. Canada (Solicitor General), 2002 SCC 75[5] (holding that section 51(2)(a) of the Privacy Act is unconstitutional because it requires that the entire hearing of certain applications to Federal Court be held in camera)
- Lavigne v. Canada (Office of the Commissioner of Official Languages), 2002 SCC 53[6] (holding that the Privacy Act is 'quasi-constitutional' legislation, and considering section 22(1)(b), the exemption for information the disclosure of which could be injurious to the conduct of lawful investigations)
- Privacy Act (Can.) (Re), 2001 SCC 89[7] (holding that the Privacy Act was not violated by a program whereby Canada Customs gave information about travellers to the Canada Employment Insurance Commission, to identify those who received employment insurance benefits while outside Canada)
- Dagg v. Canada (Minister of Finance), [1997] 2 S.C.R. 403[8] (the first major Supreme Court of Canada decision to consider the Privacy Act)
See also
- Privacy law
- Information Privacy Laws
- Data privacy
- Access to Information Act
- Personal Information Protection and Electronic Documents Act (PIPEDA)
- Info Source—repository of information available through the Privacy Act and Access to Information Act
References
- "Privacy Legislation in Canada". Archived from the original on 2007-01-03. Retrieved 2006-08-16.CS1 maint: bot: original URL status unknown (link)or
- Branch, Legislative Services (2018-12-13). "Consolidated federal laws of Canada, Privacy Act". laws-lois.justice.gc.ca. Retrieved 2019-04-05.
- "Canada's Federal Privacy Laws". lop.parl.ca. Retrieved 2019-04-05.
- https://web.archive.org/web/20110222145858/http://scc.lexum.umontreal.ca/en/2003/2003scc8/2003scc8html
- https://web.archive.org/web/20080220215137/http://scc.lexum.umontreal.ca/en/2002/2002scc75/2002scc75.html
- https://web.archive.org/web/20110226140454/http://scc.lexum.umontreal.ca/en/2002/2002scc53/2002scc53.html
- https://web.archive.org/web/20091002025532/http://scc.lexum.umontreal.ca/en/2001/2001scc89/2001scc89.html
- https://web.archive.org/web/20071017155430/http://scc.lexum.umontreal.ca/en/1997/1997rcs2-403/1997rcs2-403.html
External links
- Privacy Act
- Supreme Court of Canada decisions on privacy
- Federal Court Reports - subject: privacy
- The Canadian Privacy Law Blog: A regularly updated blog on issues related to Canadian privacy law written by David T. S. Fraser, a Canadian privacy lawyer
- Privacy Act in brief (The Privacy Commissioner of Canada)