Canada has two federal privacy laws: the Privacy Act, and the Personal Information Protection and Electronic Documents Act (PIPEDA).
The Public Sector
The federal Privacy Act, in place since 1983, protects the personal information collected by government institutions. 'The law has three basic components: it grants individuals the legal right of access to personal information held about them by the federal government; it imposes fair information obligations on the federal government in terms of how it collects, maintains, uses and discloses personal information under its control; and it puts in place an independent ombudsman, the Privacy Commissioner, to resolve problems and oversee compliance with the legislation'. (Canada's Federal Privacy Laws)
The Private Sector
The Personal Information Protection and Electronic Documents Act (PIPEDA) addresses the collection, storage and use of personal information by organizations in the private sector. 'Essentially, PIPEDA seeks to balance an individual’s right to privacy with the reasonable needs of organizations to collect, use and disclose information for economic purposes'. (Canada's Federal Privacy Laws)
PIPEDA is 'an Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions and by amending the Canada Evidence Act, the Statutory Instruments Act and the Statute Revision Act.' (Privacy Commissioner of Canada)
PIPEDA came into effect in three stages:
Ø On January 1, 2001, the Act applied only to federally regulated agencies, such as telecommunications companies, broadcasters, airlines and banks. It also covered interprovincial or international trade in personal information.
Ø On January 1, 2002, personal health information became subject to the Act.
Ø On January 1, 2004, the provisions of the Act extended more broadly to include provincially-regulated private-sector organizations, such as insurance companies and retail stores, unless the province has passed 'substantially similar' legislation. To date, only Quebec, Alberta, Ontario (with respect to personal health information) and British Columbia have provincial legislation that has been accorded the status of 'substantially similar' to PIPEDA. (Canada's Federal Privacy Laws)
PIPEDA gives individuals the right to see and correct any personal information about them collected by companies in the course of their commercial activities. These provisions state that businesses must inform consumers of who is collecting the information, why the information is being gathered, and for what purposes it will be used. 'Organizations subject to PIPEDA are required to comply with the 10 privacy principles and the individual’s right of access to his or her personal information set out in the Canadian Standards Association’s Model Code for the Protection of Personal Information'. (Canada's Federal Privacy Laws)
The Federal Privacy Act can be found at http://www.justice.gc.ca/
The Canada's Federal Privacy Laws (PRB 07-44E) canvass the federal landscape in terms of privacy legislation, its legislative history, and the need for modernization at a time when technology and terrorism are rapidly transforming the world in which we live.
The Privacy Commissioner of Canada is an Officer of Parliament who reports directly to the House of Commons and the Senate. The mandate of the Office of the Privacy Commissioner of Canada (OPC) is overseeing compliance with both the Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA).