Canadian privacy law

Privacy law is the area of law concerning the protecting and preserving the privacy rights of individuals. By definition, most countries treat privacy as the rights of individuals and not institutions. Governing bodies and NGO's collect vast amounts of personal information for a variety of purposes. Privacy laws limit how these organizations can collect and use this information.

The scope of applicability of privacy laws is called expectation of privacy.

Canadian privacy laws

The idea of Canadian privacy law is encapsulated within multiple acts, and the Canadian charter of rights and freedoms. They are listed below in chronological order. (PIPA and PIPEDA were enacted simultaneously)

* Canadian Charter of Rights and Freedoms
* Privacy Act (Canada)
* Access to Information Act
* Personal Information Protection and Electronic Documents Act (PIPEDA)
* Personal Information Protection Act (PIPA)

Evolution of Canadian privacy law

Canadian privacy law has evolved over time into what it is today. The first instance of a formal law came when, in response to international pressure, the Canadian government introduced data protection provisions into the Canadian Human Rights Act. [http://www.privcom.gc.ca/speech/archive/02_05_a_000128_e.asp] Subsequently, the Canadian Charter of Rights and Freedoms outlined that everyone has "the right to life, liberty and security of the person" and "the right to be free from unreasonable search or seizure" [http://laws.justice.gc.ca/en/charter/#libertes] , but never mentioned directly the concept of privacy.

Privacy Act

The next act of the Canadian parliament was to enact the federal Privacy Act. This Act regulates how federal government institutions collect, use and disclose personal information. It also provides individuals with a right of access to information held about them by the federal government, and a right to request correction of any erroneous information. [http://www.privcom.gc.ca/speech/archive/02_05_a_000128_e.asp]

Privacy Commissioner

The Canadian privacy commissioner is an Officer of Parliament, whose role is defined in the federal Privacy Act (Canada). The responsibilities of the privacy commissioner includes supervising the application of the federal Privacy Act itself. Under the Privacy Act, the Privacy Commissioner of Canada has powers to audit federal government institutions to ensure their compliance with the act, and is obliged to investigate complaints by individuals about breaches of the act. The federal Privacy Act and its equivalent legislation in most provinces are the expression of internationally accepted principles known as "fair information practices." As a last resort, the Privacy Commissioner of Canada does have the "power of embarrassment", which can be used in the hopes that the party being embarrassed will rectify the problem under public scrutiny. [http://www.privcom.gc.ca/speech/archive/02_05_a_000128_e.asp]

Although the office of the commissioner has no mandate to conduct extensive research and education under the current Privacy Act, the Privacy Commissioner of Canada (2000, Bruce Phillips) believed that they had become a leading educator in Canada on the issue of privacy. [http://www.privcom.gc.ca/speech/archive/02_05_a_000128_e.asp]

Access to Information Act

After the Privacy Act was enacted, the next major change to the Canadian privacy laws came in the form of the Access to Information Act. It was enacted in 1985, and complemented the Privacy Act. The main purposes of the Access to Information Act were to provide citizens with the right of access to information under the control of governmental institutions. The act limits access to personal information under specific circumstances. [http://laws.justice.gc.ca/en/A-1/index.html]

Freedom of Information Act

The Freedom of Information Act was enacted in 1996, and expanded upon the combination of the Privacy Act and Access to Information Act. It was designed to make governmental institutions more accountable to the public, and to protect individual privacy by giving the public right of access to records, as well as giving individuals right of access to and a right to request correction of personal information about themselves. It also specifies limits to the rights of access given to individuals, prevents the unauthorized collection, use or disclosure of personal information by public bodies, and redefines the role of the Privacy Commissioner of Canada. [http://www.qp.gov.bc.ca/statreg/stat/f/96165_01.htm]

Personal Information Protection and Electronic Documents Act (PIPEDA)

The Personal Information Protection and Electronic Documents Act (abbreviated PIPEDA or PIPED Act) is a federal Canadian law on the topic of data privacy. It governs how private-sector companies can collect, use and disclose personal information. The Act also contains various provisions to facilitate the use of electronic documents. PIPEDA was passed in the late 1990s to promote consumer trust in electronic commerce, as well as was intended to assure other governments that Canadian privacy laws were strong enough to protect the personal information of citizens of other nationalities.

PIPEDA includes and creates provisions of the Canadian Standards Association's Model Code for the Protection of Personal Information, developed in 1995.

In PIPEDA, "Personal Information" is specified as information about an identifiable individual, that doesn't include the name, title or business address or telephone number of an employee of an organization. [http://www.privcom.gc.ca/legislation/02_06_01_01_e.asp#002]

Personal Information Protection Act (PIPA)

Enacted in Jan 1, 2004.PIPA requires all private sector organizations to comply with rules respecting: