Hardly a day goes by where Canadians don’t see or hear something in the media about their privacy and how it is affected by the actions of the Federal government. With so much information permeating the psyche about whether or not our information is safe from prying eyes, it can be hard to understand what is really going on. Canada’s privacy laws and the security of our information begin with two basic documents: the Privacy Act and the Personal Information Protection and Electronic Documents Act, or PIPEDA.
The Privacy Act is Canada’s longstanding legislation about the public’s access to information. It originally came into effect on July 1st, 1983 and primarily outlines how federal government institutions should handle the personal information of individuals. The act states that a government institution may not collect personal information unless otherwise necessary. When the government does collect someone’s information, they must always notify said individual as to why. This information must then only be used for the stated purpose, with few exceptions, unless the individual consents. Furthermore, this information may not be disclosed to the public without the individual’s consent. Every citizen and permanent resident of Canada has the legal right to access the information collected on themselves and request correction if information is inaccurate. If an individual is at any point refused access to this information, they must apply for a review by the Federal Court.
When Bill C-51, or the Anti-terrorism Act, was introduced back in 2015, it was directly associated with the Privacy Act. It allows for greater sharing of personal information. Suddenly something as tightly withheld as tax information would be easily accessible if there was reason to believe it was relevant to a potential terror threat. Although the bill has undergone some editing from when it was first drafted to when it was finally passed March 26th, 2016, this access to personal information by both the government and CSIS is still in effect.
The PIPEDA relates to the collection, usage, and disclosure of personal information through electronic means. It became official law on April 13th, 2000 with the intention of promoting consumer trust in electronic commerce and to reassure the EU that Canada was doing everything in its power to protect the information and the rights of its citizens. Unfortunately, or fortunately depending on your perspective, the PIPEDA offers multiple exceptions where a person’s personal information may be collected, stored, and even disclosed without receiving said individual’s consent, or in fact even notifying them of this, including cases where the information is deemed relevant in the law enforcement process.
On June 18th, 2015, the Digital Privacy Act became law, increasing the number of exemptions in the PIPEDA, including one for business transactions. If a complaint is made against a violation, it must be taken to the Office for the Privacy Commissioner of Canada. The commissioner is then required to investigate and report on the complaint.