Privacy Review

by Simon Chester

The Privacy Commissioner of Canada has just published a discussion paper as part of the five-year parliamentary review of the Personal Information Protection and Electronic Documents Act.

The issues it focusses on are:

Privacy Commissioner’s Powers

Consent

Disclosure of Personal Information before Transfer of Businesses

Work Product

Duty to Notify

Transborder Flows of Personal Information

Sharing Information with Other Data Protection Authorities

The questions on which feedback is sought are:

Is the existing ombudsman model effective or ineffective at protecting the privacy rights of individuals and addressing the legitimate interest in personal information of organizations engaged in commercial activities? In what ways? What, if anything, needs to be changed?
Should PIPEDA be amended to remove the consent requirements in relation to personal employee information? If so, is the “reasonable purpose” test an appropriate alternative?
Should employee consent issues be addressed by a specific exception in section 7 for the employment relationship, subject to conditions? If so, what should be the conditions?
Should the collection of some types of employee data be prohibited altogether? If so, what would be the criteria for prohibiting collection?
Is it appropriate for private sector organizations to act as personal information collection agents for the government? Is it appropriate for records to be created solely for the purpose of providing them to government?
Is the authority to collect personal information without the knowledge or consent of the individual in section 7(1)(e) broader than necessary? If so, how might the provision be amended to limit the authority for organizations subject to PIPEDA to collect information?
Should provisions in PIPEDA relating to investigative bodies be changed? If so, in what way?
Whether the provisions are changed or not, can the transparency and accountability relating to the activities of investigative bodies be further enhanced? What measures would accomplish this?
Should PIPEDA be amended to regulate wilful attempts to collect personal information without consent?
Are there circumstances beyond those now identified in section 7 of PIPEDA where collection, use or disclosure without knowledge or consent should be permitted for the legitimate benefit of an individual or his or her family or the greater public? If so, what are those circumstances?
Should PIPEDA be amended to deal with “blanket consent?” If so, what should be the nature of those amendments?
Should PIPEDA allow an organization in possession of personal information to disclose that information to a prospective purchaser or business partner? If so, what conditions should apply?
Should PIPEDA be amended to allow the transfer of personal information from an organization to a prospective purchaser or business partner? If so, what restrictions should apply?
Should PIPEDA define “work product”?
If so, how should PIPEDA treat work product?
Should organizations that suffer loss or theft of personal information have a legal duty to report the loss or theft? If so, under what conditions, and to whom should they report?
If there should be a duty to report, what sort of enforcement mechanism, if any, should be introduced to ensure that organizations comply with reporting requirements?
Does the current accountability principle in PIPEDA sufficiently protect personal information when it crosses borders?
If not, how might PIPEDA better protect that information?
Should PIPEDA be amended to explicitly permit the Privacy Commissioner to share information and cooperate in investigations with counterparts in other countries and with provincial counterparts in provinces that do not have “substantially similar” legislation?
Are there other organizations with which the Commissioner should be able to share information and cooperate?

Comments are closed.

Most Recent Comments

Michael Jakeman on Risk Management Revisited (Again): Navigating the Frontier of AI Regulation:

AI use and regulation are exciting topics but challenging to follow. The background you’ve provided is appreciated and I hope… more »
Michael Litchfield on Risk Management Revisited (Again): Navigating the Frontier of AI Regulation:

Thank you Kari. Very happy to be contributing again and nice to hear from you! more »
Michael Litchfield on Risk Management Revisited (Again): Navigating the Frontier of AI Regulation:

Thank you Kari. Happy to be contributing again and its great to hear from you! more »
John Willinsky on AI Today: Grand Theft Auto or Public Benefactor?:

Thanks, Verna, I'm in full agreement on the importance of crediting sources, both as a reward and for verification purposes.… more »

+ -

Spring Roundup of Legal Information News From Washington DC

From Pillar to Post: Signs of the Times in Law Publishing

Risk Management Revisited (Again): Navigating the Frontier of AI Regulation

AI Today: Grand Theft Auto or Public Benefactor?

Does AI Have a Soul? Can AI Show Empathy?

Describing a Police Shooting: A Lesson in Legal Writing

Privacy Review