|OVERVIEW||Privacy is regulated in both the public and private sectors in Canada, and at both federal and provincial levels. The Privacy Act regulates the federal public sector, while provincial and territorial statutes offer public sector privacy protection in those jurisdictions. The Personal Information Protection and Electronic Documents Act (PIPEDA) applies to private sector commercial activities throughout the country, with the exception of three provinces (Alberta, British Columbia and Quebec) that have enacted "substantially similar" provincial legislation of their own. Four provinces have passed legislation for the protection of information in the health sector.|
|GENERAL PRIVACY LAWS||
Canada has two main federal privacy laws: Privacy Act (1985)and Personal Information Protection and Electronic Documents Act (2000).
In May 2010, the Canadian Parliament introduced the Safeguarding Canadians' Personal Information Actwhich amends PIPEDA.
|PERSONAL DATA PROTECTION LAWS AND REGULATIONS||Canada has two main federal privacy laws: Privacy Act (1985) and Personal Information Protection and Electronic Documents Act (2000).|
|TYPE OF DATA PROTECTED||Personal Information.|
|WORKPLACE PRIVACY LAWS||Canadian Privacy Commissioner, Fact Sheet: Application of the Personal Information Protection and Electronic Documents Act to Employee Records (2004), available at Link.|
|TRANSBORDER TRANSFERS||PIPEDA does not specifically mention transborder transfers of personal information.|
|FINES AND SANCTIONS||The federal Privacy Commissioner receives complaints, conducts investigations and issues findings on matters related to both the public sector (Privacy Act) and the private sector (PIPEDA). Under both of these Acts, the Commissioner has the power to make recommendations; however, she cannot issue orders or impose penalties. Also under both statutes, the Commissioner has broad investigatory powers, including the power to subpoena witnesses and compel testimony, to enter premises in order to obtain documents and to conduct interviews. The Commissioner is also charged with conducting periodic audits of both federal institutions and private organizations to determine their compliance with the Privacy Act and PIPEDA, respectively.|
|OTHER PRIVACY LAWS AND REGULATIONS||
A number of federal statutes address the privacy of personal information in specific sectors. For example, the Bank Act, Bank Act 1991, the Insurance Companies Act and Trust and Loan Companies Act, permit regulations regarding the use of information provided by customers. Under the Telecommunications Act, the Canadian Radio-Television and Telecommunications Commission (CRTC) is mandated to regulate telecommunications companies so as "to protect the privacy of persons," among other policy objectives. It has done so mainly through regulations governing the confidentiality of customer records, the ability of customers to block the display of their names and numbers on the telephone sets of people and to regulate unsolicited communications by rules governing telemarketing (but not spam). Additional privacy protections are built into the Young Offenders Act and the Corrections and Conditional Release Act. The Young Offenders Act regulates the information that can be disclosed about offenders under the age of 18, while the Corrections and Conditional Release Act speaks to the information that can be disclosed to victims and their families. Some provinces also have sector-specific laws to protect personal information, including health-specific privacy laws, consumer credit reporting laws, laws regulating information from credit unions, and legislation imposing restrictions on the disclosure of personal information held by private investigators and other professionals.
Ontario, Alberta, Manitoba, and Saskatchewan have all passed health privacy legislation, which sets rules for the collection, use, and disclosure of personal health information. These laws apply to personal health information held by hospitals, government ministries, regulated health professionals, and other health care facilities or information custodians.