Personal Information Protection Act - PowerPoint PPT Presentation

Slides: 31
Provided by: hilarylyna

Transcript and Presenter's Notes


1
Personal Information Protection Act
  • Bill 44: An Introduction
  • May 2003

2
Overview
  • What is privacy?
  • Why was PIPA introduced?
  • Who does it apply to?
  • What does it mean for private sector
    organizations?

3
What is privacy?
  • "The right to control access to one's person and
    information about oneself."
  • George Radwanski, Privacy Commissioner of Canada

4
Threats to privacy
  • Modern threats to privacy chiefly arise in
    the collection and use of information about us.
  • Privacy used to be protected by default: the
    nature of paper records.
  • Electronic records diminish the barriers of time,
    distance and cost that once guarded privacy.

5
Personal Information
  • Includes: Name, Birth date, Gender, Address,
    Education, Employment, Income, Medical History
  • Held by: Banks, Insurance Companies, Retailers,
    Landlords, Employers, Fundraisers, Credit Bureaus,
    Sports Clubs

6
World-wide action on privacy
  • European Union Directive
  • US legislative patchwork; safe harbours
  • Federal Personal Information Protection and
    Electronic Documents Act (PIPED Act): setting a
    minimum standard and a timeline; not if, but how
  • Quebec Act / BC legislation / possibly Ontario

7
Timing
  • Introduced in the Alberta Legislature on May 14,
    2003
  • Expect the Bill to pass in the fall of 2003
  • Proclamation date will be January 1, 2004
  • PIPA regulation will be developed over the summer

8
Personal Information Protection Act
  • The Act governs the collection, use and
    disclosure of personal information by
    organizations in a manner that recognizes both:
  • The right of an individual to have his or her
    personal information protected, and
  • The need of organizations to collect, use or
    disclose personal information for purposes that
    are reasonable.
  • The Act provides a right of access to one's own
    personal information.

9
Organizations
  • The Act applies to organizations
  • Corporations,
  • Unincorporated associations,
  • Trade Unions (Labour Relations Code),
  • Partnerships (Partnerships Act),
  • Individuals acting in a commercial capacity, or
  • Any person acting on behalf of an organization
  • But not an individual acting in a personal or
    domestic capacity

10
Exclusions
  • When collected/used/disclosed solely for:
  • Personal or domestic purposes of an individual or
  • Artistic, literary or journalistic purposes
  • The Act does not apply to public bodies, or
    personal information protected by the Freedom of
    Information and Protection of Privacy Act or the
    Health Information Act

11
Exclusions
  • When a record containing personal information
  • Is at least 100 years old or
  • Relates to an individual who has been dead for at
    least 20 years
  • Personal information is excluded when
  • In court records, judicial records
  • Collected/used/disclosed by an Officer of the
    Legislature exercising statutory duties
  • Created by or for a MLA or an elected or
    appointed member of a public body

12
Responsibilities under the Act
  • Challenge compliance
  • Give access
  • Be open
  • Use appropriate safeguards
  • Be accurate
  • Limit use, disclosure, retention
  • Limit collection
  • Obtain consent
  • Identify the purpose
  • Be accountable

13
Be accountable
  • The organization is responsible for personal
    information in its custody or control
  • Designate 1 or more individuals responsible for
    compliance with the Act
  • Designates may delegate duties to others
  • In meeting responsibilities, organizations must
    act in a reasonable manner

14
Identify the purpose
  • Before or at the time of collecting personal
    information directly from an individual
  • Provide notice (oral, written, electronic) of
    purposes for collection, and
  • Identify a contact person for questions about the
    collection.

15
Obtain consent
  • Unless Act allows otherwise, organizations need
    consent
  • To collect personal information,
  • To collect personal information from anyone other
    than the individual,
  • To use personal information, or
  • To disclose personal information.
  • Consent can be express, implied, or opt-out
    depending on circumstances.
  • Individuals may withdraw or vary consent, subject
    to legal obligations.

16
Limit collection
  • Limit collection/use/disclosure to
  • purposes that are reasonable, and
  • the extent reasonable to fulfill the purposes.
  • Do not make consent to collect/use/disclose
    personal information a condition of supplying a
    product or service, beyond what is necessary to
    provide the product or service.

17
Limit use, disclosure and retention
  • Limit use and disclosure to
  • purposes that are reasonable, and
  • the extent that is reasonable to fulfill the
    purposes.
  • Consent is needed unless the Act permits
    otherwise.
  • Retain personal information, for legal or
    business purposes, as long as is reasonable.

18
Be accurate
  • Make a reasonable effort to ensure that any
    personal information collected, used or disclosed
    by or on behalf of an organization is accurate
    and complete.

19
Use appropriate safeguards
  • Make reasonable security arrangements against
    such risks as unauthorized access, collection,
    use, disclosure, copying, modification, disposal
    or destruction.
  • Applies to information in the organization's
    custody or control.

20
Be open
  • Develop and follow policies and practices to meet
    responsibilities under the Act
  • Make information about policies and practices
    available upon request

21
Give individuals access
  • Individuals can request access to their own
    personal information.
  • Taking into account what is reasonable
  • Access must be given,
  • Purposes for use of the information, and
  • Names of persons to whom information has been
    disclosed and the circumstances.
  • Organizations have a duty to assist applicants.
  • Reasonable fees may be charged.

22
Challenge compliance
  • If access to any part of an individual's
    information is refused, must provide:
  • The reasons for refusal, citing the Act,
  • Name of person who can answer questions,
  • Notice that the individual can request a review
    by the Information and Privacy Commissioner.

23
What is reasonable?
  • When "reasonable" is used in the Act, it means:
  • What a reasonable person would consider
    appropriate in the circumstances

24
Grandfathering
  • Personal information collected before January 1,
    2004, is deemed to have been collected with
    consent.
  • It may be used and disclosed by the organization
    for the purpose for which it was collected.
  • The general rules in the Act regarding
    safeguards, access, correction etc. still apply
    to this information.

25
Employee information
  • Allows certain personal employee information to
    be collected/used/disclosed without consent when
  • reasonably required for purposes of establishing,
    managing or terminating an employment or
    volunteer work relationship.
  • Does not include personal information unrelated
    to the employment or volunteer relationship.

26
Professional Regulatory Organizations
  • Are organizations under the Act
  • Have the option of creating a personal
    information code governing the
    collection/use/disclosure of personal information
    consistent with ss.1-35
  • An individual would still be able to request a
    review or complain to the Commissioner.
  • Details will be in regulation, to be developed
    over the summer in consultation with stakeholders.

27
Non-profit organizations
  • Non-profit organizations include
  • Societies incorporated under the
  • Societies Act
  • Agricultural Societies Act
  • Part 9 of the Companies Act
  • Otherwise defined in regulation
  • Act applies to personal information
    collected/used/disclosed in connection with a
    commercial activity carried out by a non-profit
    organization

28
The Information and Privacy Commissioner
  • Same Commissioner as the FOIP Act and Health
    Information Act
  • The Commissioner can
  • refer an individual to another grievance,
    complaint or review process before dealing with
    the complaint
  • authorize mediation to settle a complaint
  • conduct an inquiry
  • issue binding orders
  • authorize an organization to disregard requests

29
Privacy Help
  • Information Management, Access and Privacy
  • Alberta Government Services
  • 3D, Commerce Place, 10155 102 Street
  • Edmonton, AB T5J 4L4
  • Web site www.psp.gov.ab.ca
  • Help Desk 780-644-PIPA (7472)
  • Toll free dial 310-0000 first
  • E-mail privacyhelpdesk_at_gov.ab.ca

30
Privacy Help
  • Office of the Information and Privacy
    Commissioner
  • 410, 9925 109 Street
  • Edmonton, AB T5K 2J8
  • Web site www.oipc.ab.ca/pipa/
  • Phone 780-422-6860
  • Toll free dial 310-0000 first
  • E-mail generalinfo_at_oipc.ab.ca