Index All entries in the index reference page numbers.




Index All entries in the index reference page numbers. A Audit of organizations, 37-38, Access to personal information 162-163 by individual, 22, 31, 151-154 B assistance by organization, Biometrics, 123-125 153 palm-vein scanning of test- exceptions, 31 takers, 124-125 Model Code, principles, 180- privacy implications, 124-191 125 refusal to provide with reasonable purpose, 124 reasons, 153 voiceprint is personal third party personal information, 123 information, 154 Federal Court appeal held time limit to respond, 153 employee consent required, 124 written request, 152 reasonable purpose, 124 Accountability, 22, 180-181 Business continuity, see Accuracy, 22, 30, 186-187 Disaster recovery Anti-spam legislation, see FISA (Fighting Internet and C Wireless Spam Act) CASL, see FISA Applications service provider Canada Evidence Act (ASP) arrangements, 121- certificate, 146-147 122 Canada s Anti-Spam Law Asset purchases, see Mergers, (CASL), see FISA (Fighting acquisitions and asset Internet and Wireless Spam purchases Act) 217

PIPEDA Quick Reference 2015 Edition Checklists outsourcing, see Outsourcing health care institution privacy purpose of collection program implementation, 86- identified and reasonable, 21, 90 24, 27, 146, 181-182 outsourcing or transferring ten privacy principles under personal information across Sch. 1 of PIPEDA for, 22-23, borders, 69 178-189 PIPEDA compliance for third-party, 26-27, 29, 64-65 educational institutions, 102- consents needed, 65 103 due diligence re consents CIBC decision, 55-58 and contracts, 65 Collection, use, and disclosure without knowledge or consent, of personal information 148-151 consent, see Consent Commercial activities definition of personal defined, 16-17, 144 information, 145 outsourcing and, 53-54 disclosure by Privacy Complaints process, 34-43, Commissioner, 164-165 157-161, 187 to investigative bodies, challenge to compliance, 23, regulation 2001-6, 205-209 191 grandfathering of, 33-34 court hearing, 161-162 limitation of, 22, 29 dispute resolution excessive collection, 27-28 mechanisms, 35-36, 156, 159 Model Code, principles, hearing in Federal Court, see 185-186 Federal Court reasonable purpose, 24, 27- information to include in, 34 28 investigation of complaints sensitive information, 28-29 discontinuance of, 160 use, disclosure and investigator assigned, 35, retention, 22, 29 157-158 mergers, acquisitions and notification of complainant, asset purchases, see Mergers, 157 acquisitions and asset powers of Commissioner, purchases 158-159 218

Index Complaints process (cont d) publicly available lodge complaint with Federal information, regulation Privacy Commissioner, 34-35 2001-7, 210-211 letter of findings, 35 response to subpoena, no direct power of warrant, order of court, 149 enforcement, 35 statistical, or scholarly study report with or research, 151 recommendations, 35, 161 exceptions to, 27, 148-149 within one year, 37 express, 25-27 Compliance team, 31-32 implied, 25-27 privacy officer, 31 methods of giving, 26-27 Consent opt-out consent, 25, 27 collection without knowledge principle, Model Code, 182- or consent, 148-149 185 collection reasonable to third-party use, 26 investigate breach, 148 use without knowledge or disclosure of purposes consent, 148-149 required by law, 149, 181- emergency threatening life, 182 health, security, 149 interests of individual, 148 investigation of publicly available contravention of laws of information, 148 Canada, 149 solely for journalistic, publicly available artistic or literary purposes, information, 149 148 statistical, or scholarly study disclosure without knowledge or research, 149 or consent, 149-151 Cookies case, see under debt collection by Information technology organization, 149 emergency threatening life, D health, security, 150 Damages government request, 150 humiliation, 40-42 indictable offences, 43, 71 Data breach, 44-45 219

PIPEDA Quick Reference 2015 Edition Data mining, 116-117 signed consent, 98 point-of-sale data includes without consent, 97 personal information, 117 commercial activities, 94-96, Deep packet inspection (DPI), 144 118 employee information, 100- access personal information 101 sent over Internet, 118 fundraising, 99-100 Bell advised to disclose to affinity marketing programs, customers the use of DPI, 118 100 Disaster recovery, 122-123 commercial activity or not, Disclosure of information, see 99-100 Collection, use, and disclosure student records, 101-102 of personal information access to, private schools, E 101-102 commercial activities, 101, ebay s detailed privacy policy, 142 129 correction of records, Education sector, 91-103 private schools, 101-102 applicability of PIPEDA, 91- tri-council policy statement 94 protocols, 98-99 universities and private for- Electronic documents profit educational copies, 177 institutions, 94 defined, 172 archives held by educational institutions, 99 evidence or proof, as, 174 checklist, PIPEDA compliance payments, 173 for educational institutions, regulations 102-103 Canada Labour Code, collection of personal 2008-115, 196-197 information for statistical, Federal Real Property and scholarly or research Federal Immovables Act, purposes, 96-99 2004-308, 193-195 anonymity on collection, 98 Investigative Bodies, 2001- implied consent, 97 6, 205-209 220

Index Electronic documents (cont d) PIPEDA application, federal Publicly Available works, undertakings or Information, 2001-7, 210- businesses, 131, 144 211 retention, 174-175 F seals, 175 Facebook privacy signatures, secure, 176, 177, investigation, 112-116 212-215 Federal Court statements under oath, 176- hearing on complaint, 161-162 177 order compliance, 40-42 statutory forms and filing, 173-174 remedies, 162 E-mail addresses, personal order damages, 40-42, see information also Damages E-mail monitoring by request for hearing to, 40, 42 employer, 134 FISA (Fighting Internet and Employment relationship, 32- Wireless Spam Act), 12-13 34, 131-141 G labour arbitrator s jurisdiction, 140 Genetic testing, see Healthcare medical information sector collection, 138-140 Global positioning systems disclosure permitted for (GPS) installation by appeal process, 139 employer, 134-136 privacy policy needed, 139 Google Buzz privacy violation, reasonable purpose required, 116 139 Google s Street View security checks, 137-138 application, 118-119 employee consent required, 138 Google Wi-Fi privacy concerns, 119 surveillance, 132-134, 136, see also Surveillance of Grandfathering of employees information, 33-34 221

PIPEDA Quick Reference 2015 Edition H tri-council policy, 79-80 Health records, see topics personal health information under Healthcare sector defined, 71-72, 145 Health research, see Healthcare employer collected, 138-140 sector physicians prescribing Healthcare sector, 71-90 patterns, sale of information, 83-84 checklist, privacy program implementation, 86-90 provincial health information privacy statutes, 75-77 collection, use, and disclosure of personal health statutory reporting obligations, information, 77-84 83 consent, 77 when does PIPEDA apply, exceptions, 78 73-75 emergency threatening I patient s life, safety, or security, 78 Imaging technology, 118-119 patient s interest, 78 Google s Street View required by law, 78 application, 118-119 fax machines and Internet Individual access, 189-190 concerns, 78-79 Information technology commercial activities, 73-75 biometrics, see Biometrics preponderant purpose test, compliance tips, 127-129 73 consent obtained custodians in Ontario, electronically, 108-109 regulation, 2005-399, 198 disclosure for subpoena, opt-out form, 109 warrant or court order in civil privacy statement, 108-109 litigation, 82 cookies, information stored is fundraising activities, 75 personal, 111 genetic testing, 80-81 cookies, advertising, 107 health research, 79-80 Cookies case, 105-107 consent exception, 80 Commissioner s finding of research ethics board breach, 106 (REB), 79-80 cookies, defined, 105 222

Index Information technology (cont d) examples of breach of privacy concern, 106 PIPEDA, 128-129 data mining, see Data mining radio frequency identification deep packet inspection, see device, see Radio frequency Deep packet inspection (DPI) identification device (RFID) disclosure of on-line social networking, see Social information to police during networking sites an investigation, 126-127 International transfer of imaging technology, see personal information, see Imaging technology under Outsourcing Internet-based marketing, see Internet-based marketing, Internet-based marketing 110-112 live video streaming, see Live cookies, information stored is video streaming personal, 111 need for compliance, 109-110 e-mail addresses, personal damage to reputation when information, 110-111 information use practices spyware, likely breach of disclosed, 110 PIPEDA, 111-112 Federal Court damage order, Investigation of complaint, see 109 Complaints process Google privacy deficiencies and third-party audit, 109- L 110 Live video streaming, 125-126 PIPEDA non-compliance privacy policy and passwords may affect ability to protection, 125-126 contract, 110 webcam service at daycare, outsourcing, see Outsourcing 125 payload data collection, see Payload data collection M PIPEDA compliance tips, Mergers, acquisitions and 127-129 asset purchases, 65-68, see audit, designate privacy also Outsourcing officer, privacy policy, customers and patients consents, 127 consent, 67 223

PIPEDA Quick Reference 2015 Edition Mergers, acquisitions and asset comparable level of purchases (cont d) protection, 52 employee information to joint no disclosure, therefore no venture partner, 66-67 consent needed, 52-53 employee information to guarantees required by potential purchaser, 67 transferring organization from issues to explore by potential agent, 55 purchase re personal information technology information, 65-68 services, 119-123 privacy policy inclusion, 66- applications service provider 67 (ASP) arrangements, 121- sale of customer list, 68 122 share purchase transaction, 68 disaster recovery, 122-123 business continuity, 122 O transfer of personal Openness principle, 188-189 information to third party, 120-121 Outsourcing, 52-64 transfer vs disclosure, checklist, 69 120-121 CIBC decision by Privacy transfer privacy Commissioner, 55-58 requirements from affirmed in SWIFT outsourcer, 120-121 decision, 58 transmission of personal CIBC customer concerns re information to third party, U.S. service provider, 56 120 CIBC transparent about international transfer of policies on outsourcing, 58 personal information, 59-64 comparable level of Accusearch case, 60-61 protection found, 57 disclosure of personal customer consent not information without required, 57-58 consent, 60 Office of the Superintendent PIPEDA breached, 59-61 of Financial Institutions Privacy Commissioner (OFSI) approval, 56-57 and U.S. Federal Trade commercial activities, 53-54 Commission, 60 224

Index Outsourcing (cont d) data breach, see Data breach affiliated corporations, 62- defined, 19-21, 145 64 exclusions, 18-19 advance notice to customers, 63-64 identifiable individual, 19, 72 comparable level of data outsourcing, see Outsourcing protection, 63 publicly available, regulation, checklist, 69 2001-7, 210-211 comparable level of reasonable expectation of protection, 59 privacy, see Reasonable expectation of privacy KLM case, 61-62 safeguards (security), 23, 30- failure to provide 31, 187-189 applicant access to information, 61 Personal Information transparency re outsourcing, Protection and Electronic 59 Documents Act (PIPEDA) notification of outsourcing activities covered by Act, 16- required, 62 17, 32, 131-141 privacy policy transparent, 58, collected in course of 59 commercial activities, 16-17, 146 P digital signatures, 17 Payload data collection, 119 federal works, undertakings Google Wi-Fi privacy or businesses, 132, 146 concerns, 119 activities not covered by Act, 18-19, 144 Penalties, see Damages employment related Personal information information collected by access by individual to, 22, 31 private sector employers, 16 accuracy, 22 personal information held collection, use, and disclosure, by government covered by see Collection, use, and Privacy Act, 19 disclosure of personal application, 15-16, 129, 146 information education sector, see compliance team, 31-32 Education sector 225

PIPEDA Quick Reference 2015 Edition Personal Information electronic documents, see Protection and Electronic Electronic documents Documents Act grandfathering clause, none, (PIPEDA) (cont d) 33-34 employment relationship, Model Code for Protection of see Employment Personal Information relationship (Schedule 1), 180-191 healthcare sector, see origins of the Act, 9-15 Healthcare sector Bill C-12 proposed changes, information and technology- 11-12 intensive businesses, see digitization of information, Information technology 8-9 definitions, 143-145 European Union privacy alternative format, 144 directives, 9-10 commercial activity, 144 in force January 2001, 2 commissioner, 144 Internet implications, 8-9 Court, 144 OECD principles re privacy data, 172 protection, 9 electronic document, 172 recommended changes to the Act, 11-12 electronic signature, 172 personal information, defined, federal law, 172 19-21, 145 federal work, undertaking privacy or business, 144-145 defined, 7 filing, 174 principles, ten, 22-23, 180- organization, 145 191 personal health provincial privacy legislation information, 145 and, 75-77 personal information, 145 purpose of Act, 145-146 record, 145 regulations, see Electronic responsible authority, documents 172-173 review of Act every five secure electronic years, 10-12, 171 signature, 172 should, 148 226

Index Privacy Privacy Commissioner s defined, 7 agreement with provinces, 166-167 policy sample, 45-50 Quebec, 14 principles, ten, 22-23, 180-191 relationship to PIPEDA, 75-77 challenging compliance to, 23 substantially similar to federal, 14-15, 75-77 Privacy Commissioner, see also Complaints process R agreements with provinces, Radio frequency identification 166-167 device (RFID), 117 annual report, 169 Ontario Privacy audit of organizations, 37-38 Commissioner s guidelines, Commissioner, defined, 144 117 disclosure of information to personal information may be foreign state, 167-168 associated with, 117 investigative powers, 35-36 Privacy Commissioner is studying use in Canada, 117 mediation, 35, 159 no power of enforcement, 35 Reasonable expectation of privacy, 21, 132-134 protection of, 165-166 role of, 34-43 Regulations Governor in Council, made solicitor-client privilege, 35- by, 169-170, 176-177 37 Privacy policy, 23-24 S officer, 23, 31 Safeguards (security) of openness of, 23, 30-31, 118, personal information, 23, 30-188-190 31, 187-188 sample of, 45-50 Sample privacy policy, 45-50 Provincial private sector Security checks, 137-138 privacy legislation, 14-15 Social networking sites, 112- Alberta, 14 116 British Columbia, 14 Facebook privacy Ontario, 14 investigations, 112-116 227

PIPEDA Quick Reference 2015 Edition Social networking sites (cont d) Google Buzz privacy violation, 116 Solicitor-client privilege, 35-37 Spam, see FISA (Fighting Internet and Wireless Spam Act) Spyware, likely breach of PIPEDA, 111-112 Substantially similar federal for violation of employment contract, 137 video recording of picket line crossing, 136-137 Third party data collection, 64-65 United States privacy requirement, 14-15 legislation, 13 Surveillance of employees, USA Patriot Act, 55, 62 132-137 Use of personal information, e-mail monitoring, 134 see Collection, use, and global positioning systems disclosure of personal (GPS) installation, 134-135 information appropriate purpose, 135 V implied consent, 133, 135 justification for surveillance Video surveillance, 54, 128, must be reasonable, 132-133 132-136 Canadian Pacific Railway W video camera case, 132-133 signs must be posted to Whistle-blowing, 170 alert employees of video protection of, 170 cameras, 133 surreptitious, 136 guidelines issued for covert and non-covert video surveillance, 137 T U 228