F30. What privacy legislation does Canada have?

F30. What privacy legislation does Canada have?


Canada

The Personal Information Protection and Electronic Documents Act (PIPEDA)

PIPEDA Review Discussion Document, Protecting Privacy in an Intrusive World (July 18, 2006)

Alberta


Freedom of Information and Protection of Privacy Act

Health Information Act

Personal Information Protection Act
(Legislation has been declared “substantially similar” to PIPEDA)
The Alberta Act is similar to PIPEDA in its impact on charities. It specifically exempts most non-profits from its requirements unless they are engaged in a commercial activity. Opt-out mechanisms are allowed as long as charities give the individual “a reasonable opportunity to decline or object to having his or her personal information collected, used or disclosed.”

 

British Columbia


Freedom of Information and Protection of Privacy Act

Personal Information Protection Act
(Legislation has been declared “substantially similar” to PIPEDA)

Privacy Act

E-Health (Personal Health Information Access and Protection of Privacy) Act

British Columbia’s Personal Information Protection Act is much stricter than the federal privacy law. There is no reference to commercial activity nor is there an exemption for charities. Any organization gathering, using or disclosing an individual’s personal information must have the individual’s consent. Under the legislation, only “contact information,” defined as data enabling an organization to contact an individual at work, was exempt. Contact information includes name, position name or title, business telephone number, business address, business email, or business fax number of the individual.


The regulations for Bill 38 that were later developed by the province are quite broad, however. The definition of “public information” (information that can be gathered without consent) includes:

• the name, address, telephone number and other personal information that appears in telephone directories, if the individual is allowed to refuse to have his/her information made available
• personal information that appears in a professional or business directory that is available to the public, if the individual has the right to refuse to have his/her information included in the directory
• personal information appear in a registry to which the public has a right of access
• personal information that appears in a printed or electronic publication that is available to the public, including magazines, books, and newspapers.

Charities can collect, use, and disclose the information found in the sources above without an individual’s consent. Charities can gather information outside of the “public information” realm if they give the individual “a reasonable opportunity to decline or object to having his or her personal information collected, used or disclosed.” Reasonable and clear opt-out mechanisms are permissible depending on the sensitivity of the information. Medical and salary information, for example, would always require express opt-in consent.

 

Manitoba


The Privacy Act

The Freedom of Information and Protection of Privacy Act

The Personal Health Information Act

 

New Brunswick


Protection of Personal Information Act

 

Newfoundland and Labrador

Access to Information and Protection of Privacy Act

Privacy Act

Personal Health Information Act (To be proclaimed)

 

Nova Scotia

Freedom of Information and Protection of Privacy Act

 

Ontario

Freedom of Information and Protection of Privacy Act

Personal Health Information Protection Act
(Legislation has been declared “substantially similar” to PIPEDA, with respect to health information custodians)

Municipal Freedom of Information and Protection of Privacy Act

 

Prince Edward Island

Freedom of Information and Protection of Privacy Act

 


Québec

An Act Respecting the Protection of Personal Information in the Private Sector
(Legislation has been declared “substantially similar” to PIPEDA)

An Act Respecting Access to Documents Held by Public Bodies and the Protection of Public Information


Quebec currently has the strictest privacy policy in place. The provincial privacy law applies to all private enterprises, including non-profits and charities, and applies to all information that relates to an individual and allows an individual to be identified. Information can only be collected for an intended purpose and that purpose must be specified when an individual’s file is created. Some publicly available information, such as those found in phone books, can be used without consent.


Before collecting information, a charity must tell the individual how that information will be used and who will have access to it, and must make sure the person is aware that he or she has a right of access and correction. Opt-in or opt-out mechanisms are both acceptable.


The Quebec law also directly addresses the issue of donor lists. Lists containing the names, addresses, and telephone numbers of the members, clients, and employees of an enterprise may be communicated or used for commercial or philanthropic prospecting purposes. The enterprise must, however, give the person concerned a valid opportunity to refuse permission for such communication or use.

 

Saskatchewan

Freedom of Information and Protection of Privacy Act

Health Information Protection Act

Local Authority Freedom of Information and Protection of Privacy Act

Privacy Act

 

Northwest Territories

Access to Information and Protection of Privacy Act

 

Nunavut

Access to Information and Protection of Privacy Act

 

Yukon


Access to Information and Protection of Privacy Act

 

To see a list of the provincial and territorial privacy commissioners and ombudsmen, as well as offices with oversight and government organizations relating to privacy, click here.