Sep 1, 2003|Article
Privacy Legislation for Canada's Private Sector
For many years, privacy legislation in Canada concerned the government!s use, storage and dissemination of personal information. With the passage of the Personal Information Protection and Electronic Documents Act (herein "PIPEDA! or "Act!), businesses throughout Canada will now see their collection, retention and dissemination of personal information directed by legislative demands. The spirit of PIPEDA is echoed in s.3 of the Act, which is seeks to balance the competing interests of maintaining the privacy of personal information, while respecting the need for commercial organizations to reasonably collect and use such information. The Act emanates from the Canadian Standards Association!s Model Code for the Protection of Personal Information, originally a voluntary code, which was wholly incorporated into the Schedule 1 of the Act. Section 5(1) of the Act makes Schedule 1 binding legislation.
The major purpose of the Act is the protection of personal information, meaning, any information about an identifiable individual, including clients and employees, that relates to his or her personal characteristics, (i.e. gender, colour, age, ethnicity, education) their health, activities and views (i.e. religion, purchasing patterns or opinions). s.2(1) The Act apparently does not protect corporate information, meaning, the information a business collects about a corporate client is beyond the scope of the Act. For an employer, personal information retained about an employee may include a social insurance number, medical records required for hiring purposes, the results of appropriately conducted drug testing, and driver!s licence particulars.
For a business entity, personal information collected about a customer may include detailed banking information, personal finances, spending habits, gender, and education.
To view the entire article please click the pdf link below.