Laws regarding rights to personal information – The Law

Reading Time: 2 minutes

Published: June 6, 2002

Last week’s column dealt with the right of public access to government

information and the right to privacy. An equally important issue is the

use of personal information gathered by private companies, be it banks,

credit card companies or grain handling firms.

In January 2001, a federal law, the Personal Information Protection and

Electronic Documents Act, came into force. This legislation applies to

businesses operating under federal law, such as banks, airlines and

grain handling companies.

Read Also

View of a set of dumbbells in a shared fitness pod of the smart shared-fitness provider Shanghai ParkBox Technology Co. at the Caohejing Hi-Tech Park in Shanghai, China, 25 October 2017.

Smart shared-fitness provider Shanghai ParkBox Technology Co. has released a new version of its mobile app and three new sizes of its fitness pod, the company said in a press briefing yesterday (25 October 2017). The update brings a social network feature to the app, making it easier for users to find work-out partners at its fitness pods. The firm has also introduced three new sizes of its fitness boxes which are installed in local communities. The new two-, four- and five-person boxes cover eight, 18 and 28 square meters, respectively. ParkBox's pods are fitted with Internet of Things (IoT) equipment, mobile self-help appointment services, QR-code locks and a smart instructor system employing artificial intelligence. 



No Use China. No Use France.

Well-being improvement can pay off for farms

Investing in wellness programs in a tight labour market can help farms recruit and retain employees

By Jan. 1, 2004, it will apply to all provincial enterprises, unless

provinces enact similar legislation.

The governing principles of this legislation are that personal

information shall only be collected with the consent of the individual;

that the reason why information is collected will be disclosed; that

information collected will be that which is reasonable in the

circumstances; that as a condition of providing service a business will

not require a person to consent to collection or use of information

beyond that required to provide the service; that personal information

will only be kept as long as required to fulfil the contract; and that

an individual has a right to challenge any information and have it

amended as appropriate.

The federal privacy commissioner, George Radwanski, at 800-282-1376,

handles privacy violation complaints. Here are two examples handled by

the commissioner.

An individual signing up for internet service was asked to provide her

social insurance number and was told “no SIN, no connection.” In

dealing with the complaint the commissioner noted the long-standing

position that the SIN not be used as a universal identifier. He was

satisfied that a reasonable person would object to the collection of

SINs for the purpose of internet connection.

The commissioner concluded the company was not in compliance with the

principles of the act. The company removed the SIN from the

individual’s file and was in the process of changing its policy so that

SINs would no longer be requested.

The next example involves a bank. A person applied for a credit card

but was turned down. She then requested that the information she

provided be deleted from the bank’s computer system.

The branch manager informed the applicant he did not have the authority

to remove the information. The commissioner found the bank in breach of

the principles by indefinitely keeping the information on hand. He

noted that the bank subsequently deleted the information but had not

communicated it to any third parties.

Recently, the commissioner ruled against Air Canada and its Aeroplan.

He found that personal information in the plan was shared with

“corporate partners and agents for direct mail marketing campaigns.” He

was also critical of the company’s negative or opt-out consent.

Negative consent means you have to contact the company and ask that

your personal information not be disclosed to other parties. He

concluded that the opt-out clause puts the responsibility on the wrong

party.

Full details on the act and the work of the commissioner can be found

at the website, www.privcom.gc.ca.

Don Purich is a former practising lawyer who is now involved in

publishing, teaching and writing about legal issues. His columns are

intended as general advice only. Individuals are encouraged to seek

other opinions and/or personal counsel when dealing with legal matters.

explore

Stories from our other publications