What's New?
 - Sitemap - Calendar
Trade Agreements - FTAA Process - Trade Issues 

espa�ol - fran�ais - portugu�s
Search

Electronic Commerce

National Legislation - Canada 

Canada Bill C-6

The Personal Information Protection and Electronic Documents Act


2nd Session, 36th Parliament,
48 Elizabeth II, 1999

 

The House of Commons of Canada

 

BILL C-6

An Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions and by amending the Canada Evidence Act, the Statutory Instruments Act and the Statute Revision Act

 

      Her Majesty, by and with the advice and consent of the Senate and House of Commons of Canada, enacts as follows:

SHORT TITLE

Short title

 

1. This Act may be cited as the Personal Information Protection and Electronic Documents Act. 

PART 1index

PROTECTION OF PERSONAL INFORMATION IN THE PRIVATE SECTOR

Interpretation

Definitions

 

2. (1) The definitions in this subsection apply in this Part.

 

``alternative format''
support de substitution

 

``alternative format'', with respect to personal information, means a format that allows a person with a sensory disability to read or listen to the personal information.

 

``commercial activity''
activit� commerciale

 

``commercial activity'' means any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.

 

``Commissioner''
commissaire

 

``Commissioner'' means the Privacy Commissioner appointed under section 53 of the Privacy Act.

 

``Court''
Cour

 

``Court'' means the Federal Court-Trial Division.

 

``federal work, undertaking or business''
entreprises f�d�rales
``federal work, undertaking or business'' means any work, undertaking or business that is within the legislative authority of Parliament. It includes

      (a) a work, undertaking or business that is operated or carried on for or in connection with navigation and shipping, whether inland or maritime, including the operation of ships and transportation by ship anywhere in Canada;

      (b) a railway, canal, telegraph or other work or undertaking that connects a province with another province, or that extends beyond the limits of a province;

      (c) a line of ships that connects a province with another province, or that extends beyond the limits of a province;

      (d) a ferry between a province and another province or between a province and a country other than Canada;

      (e) aerodromes, aircraft or a line of air transportation;

      (f) a radio broadcasting station;

      (g) a bank;

      (h) a work that, although wholly situated within a province, is before or after its execution declared by Parliament to be for the general advantage of Canada or for the advantage of two or more provinces;

      (i) a work, undertaking or business outside the exclusive legislative authority of the legislatures of the provinces; and

      (j) a work, undertaking or business to which federal laws, within the meaning of section 2 of the Oceans Act, apply under section 20 of that Act and any regulations made under paragraph 26(1)(k) of that Act.

``organization''
organisation

 

``organization'' includes an association, a partnership, a person and a trade union.

 

``personal information''
renseignement personnel

 

``personal information'' means information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. 

``record''
document

 

``record'' includes any correspondence, memorandum, book, plan, map, drawing, diagram, pictorial or graphic work, photograph, film, microform, sound recording, videotape, machine-readable record and any other documentary material, regardless of physical form or characteristics, and any copy of any of those things.

 

Notes in
Schedule 1

 

(2) In this Part, a reference to clause 4.3 or 4.9 of Schedule 1 does not include a reference to the note that accompanies that clause.

 

Purpose

Purpose

 

3. The purpose of this Part is to establish, in an era in which technology increasingly facilitates the circulation and exchange of information, rules to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances.

 

Application

Application

 

4. (1) This Part applies to every organization in respect of personal information that

 

    (a) the organization collects, uses or discloses in the course of commercial activities; or

    (b) is about an employee of the organization and that the organization collects, uses or discloses in connection with the operation of a federal work, undertaking or business.

Limit  (2) This Part does not apply to

    (a) any government institution to which the Privacy Act applies;

    (b) any individual in respect of personal information that the individual collects, uses or discloses for personal or domestic purposes and does not collect, use or disclose for any other purpose; or

    (c) any organization in respect of personal information that the organization collects, uses or discloses for journalistic, artistic or literary purposes and does not collect, use or disclose for any other purpose.

Other Acts

 

(3) Every provision of this Part applies despite any provision, enacted after this subsection comes into force, of any other Act of Parliament, unless the other Act expressly declares that that provision operates despite the provision of this Part.

 

DIVISION 1index

PROTECTION OF PERSONAL INFORMATION

Compliance with obligations

 

5. (1) Subject to sections 6 to 9, every organization shall comply with the obligations set out in Schedule 1. 

Meaning of ``should''

 

(2) The word ``should'', when used in Schedule 1, indicates a recommendation and does not impose an obligation.

 

Appropriate purposes

 

(3) An organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances.

 

Effect of designation of individual

 

6. The designation of an individual under clause 4.1 of Schedule 1 does not relieve the organization of the obligation to comply with the obligations set out in that Schedule.

 

Collection without knowledge or consent

 

7. (1) For the purpose of clause 4.3 of Schedule 1, and despite the note that accompanies that clause, an organization may collect personal information without the knowledge or consent of the individual only if 

    (a) the collection is clearly in the interests of the individual and consent cannot be obtained in a timely way;

    (b) it is reasonable to expect that the collection with the knowledge or consent of the individual would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province; or

    (c) the collection is solely for journalistic, artistic or literary purposes; or

    (d) the information is publicly available and is specified by the regulations.

Use without knowledge or consent  (2) For the purpose of clause 4.3 of Schedule 1, and despite the note that accompanies that clause, an organization may, without the knowledge or consent of the individual, use personal information only if 

    (a) in the course of its activities, the organization becomes aware of information that it has reasonable grounds to believe could be useful in the investigation of a contravention of the laws of Canada, a province or a foreign jurisdiction that has been, is being or is about to be committed, and the information is used for the purpose of investigating that contravention;

    (b) it is used for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual;

    (c) it is used for statistical, or scholarly study or research, purposes that cannot be achieved without using the information, the information is used in a manner that will ensure its confidentiality, it is impracticable to obtain consent and the organization informs the Commissioner of the use before the information is used;

    (c.1) it is publicly available and is specified by the regulations; or

    (d) it was collected under paragraph (1)(a) or (b).

Disclosure without knowledge or consent

 

(3) For the purpose of clause 4.3 of Schedule 1, and despite the note that accompanies that clause, an organization may disclose personal information without the knowledge or consent of the individual only if the disclosure is

    (a) made to, in the Province of Quebec, an advocate or notary or, in any other province, a barrister or solicitor who is representing the organization;

    (b) for the purpose of collecting a debt owed by the individual to the organization;

    (c) required to comply with a subpoena or warrant issued or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with rules of court relating to the production of records;

    (c.1) made to a government institution or part of a government institution that has made a request for the information, identified its lawful authority to obtain the information and indicated that

      (i) it suspects that the information relates to national security, the defence of Canada or the conduct of international affairs,

      (ii) the disclosure is requested for the purpose of enforcing any law of Canada, a province or a foreign jurisdiction, carrying out an investigation relating to the enforcement of any such law or gathering intelligence for the purpose of enforcing any such law, or

      (iii) the disclosure is requested for the purpose of administering any law of Canada or a province;

    (d) made on the initiative of the organization to an investigative body, a government institution or a part of a government institution and the organization

      (i) has reasonable grounds to believe that the information relates to a breach of an agreement or a contravention of the laws of Canada, a province or a foreign jurisdiction that has been, is being or is about to be committed, or

      (ii) suspects that the information relates to national security, the defence of Canada or the conduct of international affairs;

    (e) made to a person who needs the information because of an emergency that threatens the life, health or security of an individual and, if the individual whom the information is about is alive, the organization informs that individual in writing without delay of the disclosure;

    (f) for statistical, or scholarly study or research, purposes that cannot be achieved without disclosing the information, it is impracticable to obtain consent and the organization informs the Commissioner of the disclosure before the information is disclosed;

    (g) made to an institution whose functions include the conservation of records of historic or archival importance, and the disclosure is made for the purpose of such conservation;

    (h) made after the earlier of

      (i) one hundred years after the record containing the information was created, and

      (ii) twenty years after the death of the individual whom the information is about;

    (h.1) of information that is publicly available and is specified by the regulations;

    (h.2) made by an investigative body and the disclosure is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province; or

    (i) required by law.

Use without consent

 

(4) Despite clause 4.5 of Schedule 1, an organization may use personal information for purposes other than those for which it was collected in any of the circumstances set out in subsection (2).

 

Disclosure without consent

 

(5) Despite clause 4.5 of Schedule 1, an organization may disclose personal information for purposes other than those for which it was collected in any of the circumstances set out in paragraphs (3)(a) to (h.2).

 

Written request

 

8. (1) A request under clause 4.9 of Schedule 1 must be made in writing.

 

Assistance

 

(2) An organization shall assist any individual who informs the organization that they need assistance in preparing a request to the organization.

 

Time limit

 

(3) An organization shall respond to a request with due diligence and in any case not later than thirty days after receipt of the request.

 

Extension of time limit  (4) An organization may extend the time limit 

    (a) for a maximum of thirty days if

      (i) meeting the time limit would unreasonably interfere with the activities of the organization, or

      (ii) the time required to undertake any consultations necessary to respond to the request would make the time limit impracticable to meet; or

    (b) for the period that is necessary in order to be able to convert the personal information into an alternative format.

In either case, the organization shall, no later than thirty days after the date of the request, send a notice of extension to the individual, advising them of the new time limit, the reasons for extending the time limit and of their right to make a complaint to the Commissioner in respect of the extension.

 

Deemed refusal

 

(5) If the organization fails to respond within the time limit, the organization is deemed to have refused the request.

 

Costs for responding

 

(6) An organization may respond to an individual's request at a cost to the individual only if 

    (a) the organization has informed the individual of the approximate cost; and

    (b) the individual has advised the organization that the request is not being withdrawn.

Reasons

 

(7) An organization that responds within the time limit and refuses a request shall inform the individual in writing of the refusal, setting out the reasons and any recourse that they may have under this Part.

 

Retention of information

 

(8) Despite clause 4.5 of Schedule 1, an organization that has personal information that is the subject of a request shall retain the information for as long as is necessary to allow the individual to exhaust any recourse under this Part that they may have.

 

When access prohibited

 

9. (1) Despite clause 4.9 of Schedule 1, an organization shall not give an individual access to personal information if doing so would likely reveal personal information about a third party. However, if the information about the third party is severable from the record containing the information about the individual, the organization shall sever the information about the third party before giving the individual access.

 

Limit

 

(2) Subsection (1) does not apply if the third party consents to the access or the individual needs the information because an individual's life, health or security is threatened.

 

Information
related to paragraphs 7(3)(c), (c.1) or (d)
 
(2.1) An organization shall comply with subsection (2.2) if an individual requests that the organization

    (a) inform the individual about

      (i) any disclosure of information to a government institution or a part of a government institution under paragraph 7(3)(c), subparagraph 7(3)(c.1)(i) or (ii) or paragraph 7(3)(d), or

      (ii) the existence of any information that the organization has relating to a disclosure referred to in subparagraph (i), to a subpoena, warrant or order referred to in paragraph 7(3)(c) or to a request made by a government institution or a part of a government institution under subparagraph 7(3)(c.1)(i) or (ii); or

    (b) give the individual access to the information referred to in subparagraph (a)(ii).

Notification and response  (2.2) An organization to which subsection (2.1) applies

    (a) shall, in writing and without delay, notify the institution or part concerned of the request made by the individual; and

    (b) shall not respond to the request before the earlier of

      (i) the day on which it is notified under subsection (2.3), and

      (ii) thirty days after the day on which the institution or part was notified.

Objection

 

(2.3) Within thirty days after the day on which it is notified under subsection (2.2), the institution or part shall notify the organization whether or not the institution or part objects to the organization complying with the request. The institution or part may object only if the institution or part is of the opinion that compliance with the request could reasonably be expected to be injurious to

    (a) national security, the defence of Canada or the conduct of international affairs; or

    (b) the enforcement of any law of Canada, a province or a foreign jurisdiction, an investigation relating to the enforcement of any such law or the gathering of intelligence for the purpose of enforcing any such law.

Prohibition

 

(2.4) Despite clause 4.9 of Schedule 1, if an organization is notified under subsection (2.3) that the institution or part objects to the organization complying with the request, the organization

    (a) shall refuse the request to the extent that it relates to paragraph (2.1)(a) or to information referred to in subparagraph (2.1)(a)(ii);

    (b) shall notify the Commissioner, in writing and without delay, of the refusal; and

    (c) shall not disclose to the individual

      (i) any information that the organization has relating to a disclosure to a government institution or a part of a government institution under paragraph 7(3)(c), subparagraph 7(3)(c.1)(i) or (ii) or paragraph 7(3)(d) or to a request made by a government institution or a part of a government institution under either of those subparagraphs,

      (ii) that the organization notified an institution or part under paragraph (2.2)(a) or the Commissioner under paragraph (b), or

      (iii) that the institution or part objects.

When access may be refused  (3) Despite the note that accompanies clause 4.9 of Schedule 1, an organization is not required to give access to personal information only if

    (a) the information is protected by solicitor-client privilege;

    (b) to do so would reveal confidential commercial information;

    (c) to do so could reasonably be expected to threaten the life or security of another individual;

    (c.1) the information was collected under paragraph 7(1)(b); or

    (d) the information was generated in the course of a formal dispute resolution process.

However, in the circumstances described in paragraph (b) or (c), if giving access to the information would reveal confidential commercial information or could reasonably be expected to threaten the life or security of another individual, as the case may be, and that information is severable from the record containing any other information for which access is requested, the organization shall give the individual access after severing.

Limit  (4) Subsection (3) does not apply if the individual needs the information because an individual's life, health or security is threatened. 

Notice

 

(5) If an organization decides not to give access to personal information in the circumstances set out in paragraph (3)(c.1), the organization shall, in writing, so notify the Commissioner, and shall include in the notification any information that the Commissioner may specify. 

Sensory disability

 

10. An organization shall give access to personal information in an alternative format to an individual with a sensory disability who has a right of access to personal information under this Part and who requests that it be transmitted in the alternative format if

    (a) a version of the information already exists in that format; or

    (b) its conversion into that format is reasonable and necessary in order for the individual to be able to exercise rights under this Part.

Continuation:    Division 2 - Remedies