|
48-49 ELIZABETH II |
|
|
CHAPTER 5 |
|
|
An Act to support and promote electronic
commerce by protecting personal
information that is collected, used or
disclosed in certain circumstances, by
providing for the use of electronic means
to communicate or record information or
transactions and by amending the
Canada Evidence Act, the Statutory
Instruments Act and the Statute Revision
Act
|
|
|
[Assented to 13th April, 2000]
|
|
|
|
|
|
SHORT TITLE |
|
Short title
|
1. This Act may be cited as the Personal
Information Protection and Electronic
Documents Act.
|
|
|
PART 1 |
|
|
PROTECTION OF PERSONAL INFORMATION IN THE PRIVATE SECTOR |
|
|
Interpretation |
|
Definitions
|
2. (1) The definitions in this subsection
apply in this Part.
|
|
``alterna- tive format'' « support de substitu- tion »
|
``alternative format'', with respect to personal
information, means a format that allows a
person with a sensory disability to read or
listen to the personal information.
|
|
``commer- cial activity'' « activité commerciale »
|
``commercial activity'' means any particular
transaction, act or conduct or any regular
course of conduct that is of a commercial
character, including the selling, bartering or
leasing of donor, membership or other
fundraising lists.
|
|
``Commission
er'' « commissaire »
|
``Commissioner'' means the Privacy
Commissioner appointed under section 53
of the Privacy Act.
|
|
``Court'' « Cour »
|
``Court'' means the Federal Court-Trial
Division.
|
|
``federal
work,
undertaking
or business'' « entreprises fédérales »
|
``federal work, undertaking or business''
means any work, undertaking or business
that is within the legislative authority of
Parliament. It includes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
``organization
'' « organisa- tion »
|
``organization'' includes an association, a
partnership, a person and a trade union.
|
|
``personal
health
information'' « renseigneme nt personnel sur la santé »
|
``personal health information'', with respect
to an individual, whether living or
deceased, means
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
``personal
information'' « renseigneme nt personnel »
|
``personal information'' means information
about an identifiable individual, but does
not include the name, title or business
address or telephone number of an
employee of an organization.
|
|
``record'' « document »
|
``record'' includes any correspondence,
memorandum, book, plan, map, drawing,
diagram, pictorial or graphic work,
photograph, film, microform, sound
recording, videotape, machine-readable
record and any other documentary material,
regardless of physical form or
characteristics, and any copy of any of those
things.
|
|
Notes in
Schedule 1
|
(2) In this Part, a reference to clause 4.3 or
4.9 of Schedule 1 does not include a reference
to the note that accompanies that clause.
|
|
|
Purpose |
|
Purpose
|
3. The purpose of this Part is to establish, in
an era in which technology increasingly
facilitates the circulation and exchange of
information, rules to govern the collection,
use and disclosure of personal information in
a manner that recognizes the right of privacy
of individuals with respect to their personal
information and the need of organizations to
collect, use or disclose personal information
for purposes that a reasonable person would
consider appropriate in the circumstances.
|
|
|
Application |
|
Application
|
4. (1) This Part applies to every
organization in respect of personal
information that
|
|
|
|
|
|
|
|
Limit
|
(2) This Part does not apply to
|
|
|
|
|
|
|
|
|
|
|
Other Acts
|
(3) Every provision of this Part applies
despite any provision, enacted after this
subsection comes into force, of any other Act
of Parliament, unless the other Act expressly
declares that that provision operates despite
the provision of this Part.
|
|
|
DIVISION 1 |
|
|
PROTECTION OF PERSONAL INFORMATION |
|
Compliance
with
obligations
|
5. (1) Subject to sections 6 to 9, every
organization shall comply with the obligations
set out in Schedule 1.
|
|
Meaning of
``should''
|
(2) The word ``should'', when used in
Schedule 1, indicates a recommendation and
does not impose an obligation.
|
|
Appropriate
purposes
|
(3) An organization may collect, use or
disclose personal information only for
purposes that a reasonable person would
consider are appropriate in the circumstances.
|
|
Effect of
designation of
individual
|
6. The designation of an individual under
clause 4.1 of Schedule 1 does not relieve the
organization of the obligation to comply with
the obligations set out in that Schedule.
|
|
Collection
without
knowledge or
consent
|
7. (1) For the purpose of clause 4.3 of
Schedule 1, and despite the note that
accompanies that clause, an organization may
collect personal information without the
knowledge or consent of the individual only if
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Use without
knowledge or
consent
|
(2) For the purpose of clause 4.3 of
Schedule 1, and despite the note that
accompanies that clause, an organization may,
without the knowledge or consent of the
individual, use personal information only if
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Disclosure
without
knowledge or
consent
|
(3) For the purpose of clause 4.3 of
Schedule 1, and despite the note that
accompanies that clause, an organization may
disclose personal information without the
knowledge or consent of the individual only if
the disclosure is
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Use without
consent
|
(4) Despite clause 4.5 of Schedule 1, an
organization may use personal information for
purposes other than those for which it was
collected in any of the circumstances set out in
subsection (2).
|
|
Disclosure
without
consent
|
(5) Despite clause 4.5 of Schedule 1, an
organization may disclose personal
information for purposes other than those for
which it was collected in any of the
circumstances set out in paragraphs (3)(a) to
(h.2).
|
|
Written
request
|
8. (1) A request under clause 4.9 of
Schedule 1 must be made in writing.
|
|
Assistance
|
(2) An organization shall assist any
individual who informs the organization that
they need assistance in preparing a request to
the organization.
|
|
Time limit
|
(3) An organization shall respond to a
request with due diligence and in any case not
later than thirty days after receipt of the
request.
|
|
Extension of
time limit
|
(4) An organization may extend the time
limit
|
|
|
|
|
|
|
|
|
|
|