Industry Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links

Industry Canada > Consumer Information > Canada’s Office of Consumer Affairs > For Consumers > Privacy & Identity Protection

Canada’s Office of Consumer Affairs (OCA)

Privacytown - Privacy Protection Guide

Privacytown Logo

The Privacytown Protection Guide

Have you ever tackled a simple "do-it-yourself" job around the house, which turned into a nightmare when the flux capacitor thingamabob wouldn't unscrew? Then you get to pay a premium to watch the repair person fix the problem in less than a minute with that little gizmo in his toolbox? Well, that doesn't happen in Privacytown. Our Privacy Protection Guide is filled with all kinds of useful information that will help you protect your privacy and find solutions if your privacy has been threatened or invaded.

So read on for an overview of privacy protection in Canada, or "learn as you go" on your tour through Privacytown.

What You Can Do

The protection of your privacy starts with you. You should:

Follow privacy smart practices.
You can avoid many privacy pitfalls by simply knowing how to protect your privacy. Being privacy smart means:
  • Be careful who you give your personal information to, especially over the Internet or the telephone, or in conversation with door to door canvassers or sales people.
  • Never send personal e-mail at work that you are not prepared to have your employer read.
  • Follow safe surfing rules to minimize the use of cookies, data mining, identity theft and other privacy intrusions. Read more about those rules in the Security at Home section.
  • Buy a shredder, and make sure financial information like credit card numbers never end up in the trash or recycling bin, where it can be harvested by identity thieves.
Know your privacy rights.
When you know the rules of the game, you know when they are being broken, and what, if anything, you can do about it.
Be assertive about your privacy rights.
Many organizations rely on people to provide personal information without complaint, whether they are entitled to it or not. Show them - politely of course - you are an informed consumer and an informed citizen.

The Role of Government

The federal government and all provincial governments have passed special privacy laws to protect the information they gather from their citizens. They have also included some privacy protection provisions in other selected statutes.

When it comes to privacy in Canada, though, it can be a little tricky to sort out who makes the laws, and who those laws apply to. Fear not, we will walk you through the basics...none of us want to get mired dwon in the depths of constitutional law classes, but it is important to know how your rights work.

Lesson 1: Privacy protection is divided between the federal government and the provinces.

Under the Constitution, the federal government deals with privacy in areas under federal responsibility, like national transportation or the military. The provinces legislate in areas of provincial concern, like health. So whether you look to federal laws or provincial laws to solve a privacy problem will depend on whether the organization you are dealing with is under federal or provincial responsibility. If it's a hospital, for example, it's a provincial matter. If it's a railway, it's federal.

This distinction will become a little less clear under the Personal Information Protection and Electronic Documents Act (PIPEDA), which came into force in January 2001, but rolled across the country to include all commercial activity in January 2004. For the first three years PIPEDA only applied to what we call the federally regulated industries...Banks, telecommunications carriers, airlines, etc. Now it appliesto all personal information collected, used or disclosed in the course of all commercial activity until a province passes a law that is substantially similar to the federal act. So basically, comprehensive coverage is almost here!

Lesson 2: The federal and provincial governments have passed special Privacy Acts.

All Canadian jurisdictions have protection of Privacy Acts. These acts are based on the OECD guidelines, a set of voluntary fair information practices whhich were agreed in 1980 at the Organiztion for Economic Cooperation and Development in Paris. They are somewhat weaker than the 10 Fair Information Practices which form the basis of PIPEDA, because in Canada we took the Guidelines and improved them by developing them into a national standard. Here are some of the important differences in the guidelines, which by and largeare reflected in the weaker public sector statutes:

  • they don't require that an individual consents to collection of the information
  • they allow an individual to challenge only the accuracy of the information, not whether it was collected in accordance with the Guidelines

These acts are designed to protect personal information collected by government institutions, and generally require that personal information is:

  • collected by government institutions only in direct relation to operating programs or activities
  • collected from the individual him or herself
  • accurate and up-to-date
  • retained to allow affected individuals the opportunity to gain access to it
  • used only for the purpose for which it was collected or a related purpose (or one of a number of specific purposes)
  • able to be corrected by the individual concerned, sometimes called the "data subject"

Lesson 3: These federal and provincial privacy acts apply only to government organizations, except in Québec.

These laws apply only to personal information collected by government organizations. They are still very significant, because governments collect, store and use large amounts of personal information in order to provide needed services. But they don't affect any information collected or used by private businesses or non-government organizations. The earliest exception is Quebec, which passed a privacy law that applies to personal information collected by the private sector, in 1993. Until PIPEDA passed, this was the only protection for personal information held in the private sector.

Lesson 4: The Personal Information Protection and Electronic Documents Act(PIPEDA) applies to the private sector.

In tax talk it's called "closing the loophole", and that's just what The Personal Information Protection and Electronic Documents Act (PIPEDA) does. It extends privacy protection to the private sector, and uses the Canadian Standards Association's model code for the Protection of Personal Information, CAN/CSA Q-830/96 as the foundation.

PIPEDA:

  • applies only to the private sector, not to government organizations
  • applies primarily to information gathered in the course of commercial activity, and doesn't protect against non-commercial intrusions into privacy
  • allows consumers to complain to the Federal Privacy Commissioner, and ultimately, to the Federal Court of Canada
  • will only apply to provinces which enact similar private sector laws with respect to the ares they cannot cover, such as transborder dataflows

Lesson 5: Other statutes include special privacy provisions.

In addition to these major privacy laws, there are a few other Acts and regulations that include specials provisions dealing with privacy. For example:

  • many provinces have credit reporting laws that deal with the use of personal information
  • all provinces include special privacy provisions in acts regulating private investigators and security guards
  • the federal government has special privacy regulations dealing with information collected by airline computer reservation systems.

The Role of Business

A number of industry associations have developed privacy codes that companies within their industries agree to use when they conduct business. To be a member of the association, a business has to agree to follow that code. These codes are voluntary, meaning that members of a business association have agreed to follow them without being required to do so by law...but now, of course, most of these companies and associations find their codes are operating within the legal framework. Many have updated to ensure they are legally compliant, some may not have done so. If a member of a sector association violates any part of a code, then a consumer can always complain to that Association, and ask for help in remedying the problem. For more information, see Voluntary Privacy Codes.

Date Modified: 2007-09-20

Top of page
Important Notices