Privacy Legislation (UK, US & Canada), Privacy Programme Canada:
…
Privacy Legislation (UK, US & Canada)
Private
Federal
PIPEDA (Personal Information Protection & Electronic Documents Act) - only act in Canada that has been given adequacy by the EU
passed in 2001
10 Privacy Principles
OPC - can suggest improvements - needs to apply to court for enforcement
Bill C-27 - Consumer Privacy Protection Act (CCPA)
(Digital Charter Implementation Act)
(will modify PIPEDA & implement new laws, strengthen privacy rights)
Introduced in 2022 & re-introduced in 2023
OPC may have the ability to fine organisations
3/5% - $10m/$25m penalties depending on the offense
Personal Information & Data Protection Tribunal Act (focused on privacy and data protection - address disputes related to privacy breaches and data handling)
Artificial Intelligence and Data Act (AIDA) (deals with artificial intelligence (AI) and data governance. It aims to set guidelines for responsible AI use, data transparency, and accountability)
Consumer Privacy Protection Act (CCPA) (replaces Part 1 of PIPEDA - governing statute for data privacy at the federal level)
Provincial
(PIPAs - 2004)
Exempts from PIPEDA
PID/Employment/Non-Commercial
Consent is a main driving principle for the PIPAs
Quebec Act (passed 1994) "La Commission"
Civil Code Principles
Commercial activities
Labour unions
Lawyers
Physicians
The Privacy Legislation Modernisation Act Law 25 (Bill 64 adopted) Quebec National Assembly
Closer to GDPR than PIPEDA
Canada's Anti-Spam Legislation (CASL) (toughest anti-spam law in the world)
- Enforced by the Canadian Radio-Television & Telecommunications Commission
- Relates to Commercial Electronic Messages (CEMs) & Computer Installed Programs
- Prohibits the unauthorised alteration of transmission data
Artificial Intelligence and Data Act (AIDA) - still to be approved by the government
Provide an account for the system
Inform individuals of any decisions that could have a significant impact
Required to provide individuals with explanations
Meet consumer protection and human rights
AI and Data Commissioner's position will be created
Prohibit reckless and malicious uses of AI
Public
Federal
Privacy Act (approved 1980s)
Imposes rules on the federal government
Gives the OPC the right to investigate the government
There are parameters - consent, purpose obtained
13 situations provided where consent would not be needed for disclosure or transfer
Openness: Government institutions must notify the Treasury Board Secretariat via the publication in Info Source of personal information banks and classes of PID annually
Right to Access: 30 days for a response
Retention: 2 years from the last activity/use (decision making process) unless consent from the individual to dispose of earlier / access to information has been received & the individual has had an opportunity to exercise their rights
Privacy Impact Assessments: Treasury Board - Directive of PIAs
Provincial
Freedom of Information and Protection of Privacy Act (FIPPA)
Request copies of public information held by ministries and the Office of the Premiers OR
Obtain their PID from public institutions
10 Privacy Principles (Schedule 1):
Principle 1. Accountability (4.1)
Principle 2. Identifying purpose (4.2)
Principle 3. Consent (4.3)
Principle 4. Limiting collection (4.4)
Principle 5. Limiting use, disclosure & retention (4.5)
Principle 6. Accuracy (4.6)
Principle 7. Safeguards (4.7)
Principle 8. Openness (4.8)
Principle 9. Individual access (4.9)
Principle 10. Challenging compliance (4.10)
Note: Collection, Storage, Use & Disclosure/Communication of PID
Division 1.1 Breaches of Security Safeguards
OPC website allows investigation tool search against each CSA standard and complaint type