|
|
espa�ol - fran�ais - portugu�s |
Search
|
Electronic
Commerce
|
2nd
Session, 36th Parliament, 48 Elizabeth II, 1999
|
||
The
House of Commons of Canada
|
||
BILL C-6 |
||
An Act to
support and promote electronic commerce by protecting personal
information that is collected, used or disclosed in certain
circumstances, by providing for the use of electronic means to
communicate or record information or transactions and by amending
the Canada Evidence Act, the Statutory Instruments Act and the
Statute Revision Act
|
||
|
||
SHORT TITLE |
||
Short
title
|
1. This Act may be cited as the Personal Information Protection and Electronic Documents Act. | |
PART 1index |
||
PROTECTION OF PERSONAL INFORMATION IN THE PRIVATE SECTOR |
||
Interpretation |
||
Definitions
|
2.
(1)
The definitions in this subsection apply in this Part.
|
|
``alternative
format'' � support de substitution �
|
``alternative
format'', with respect to personal information, means a format
that allows a person with a sensory disability to read or listen
to the personal information.
|
|
``commercial
activity'' � activit� commerciale �
|
``commercial
activity'' means any particular transaction, act or conduct or any
regular course of conduct that is of a commercial character,
including the selling, bartering or leasing of donor, membership
or other fundraising lists.
|
|
``Commissioner'' � commissaire �
|
``Commissioner''
means the Privacy Commissioner appointed under section 53 of the Privacy
Act.
|
|
``Court'' � Cour �
|
``Court''
means the Federal Court-Trial Division.
|
|
``federal
work, undertaking or business'' � entreprises f�d�rales � |
``federal work, undertaking or business'' means any work, undertaking or business that is within the legislative authority of Parliament. It includes | |
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
``organization'' � organisation �
|
``organization''
includes an association, a partnership, a person and a trade
union.
|
|
``personal
information'' � renseignement personnel �
|
``personal information'' means information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. | |
``record'' � document �
|
``record''
includes any correspondence, memorandum, book, plan, map, drawing,
diagram, pictorial or graphic work, photograph, film, microform,
sound recording, videotape, machine-readable record and any other
documentary material, regardless of physical form or
characteristics, and any copy of any of those things.
|
|
Notes in Schedule 1
|
(2)
In this Part, a reference to clause 4.3 or 4.9 of Schedule 1 does
not include a reference to the note that accompanies that clause.
|
|
Purpose |
||
Purpose
|
3.
The purpose of this Part is to establish, in an era in which
technology increasingly facilitates the circulation and exchange
of information, rules to govern the collection, use and disclosure
of personal information in a manner that recognizes the right of
privacy of individuals with respect to their personal information
and the need of organizations to collect, use or disclose personal
information for purposes that a reasonable person would consider
appropriate in the circumstances.
|
|
Application |
||
Application
|
4.
(1)
This Part applies to every organization in respect of personal
information that
|
|
|
||
|
||
Limit | (2) This Part does not apply to | |
|
||
|
||
|
||
Other Acts
|
(3)
Every provision of this Part applies despite any provision,
enacted after this subsection comes into force, of any other Act
of Parliament, unless the other Act expressly declares that that
provision operates despite the provision of this Part.
|
|
DIVISION 1index |
||
PROTECTION OF PERSONAL INFORMATION |
||
Compliance
with obligations
|
5. (1) Subject to sections 6 to 9, every organization shall comply with the obligations set out in Schedule 1. | |
Meaning of
``should''
|
(2)
The word ``should'', when used in Schedule 1, indicates a
recommendation and does not impose an obligation.
|
|
Appropriate
purposes
|
(3)
An organization may collect, use or disclose personal information
only for purposes that a reasonable person would consider are
appropriate in the circumstances.
|
|
Effect of
designation of individual
|
6.
The designation of an individual under clause 4.1 of Schedule 1
does not relieve the organization of the obligation to comply with
the obligations set out in that Schedule.
|
|
Collection
without knowledge or consent
|
7. (1) For the purpose of clause 4.3 of Schedule 1, and despite the note that accompanies that clause, an organization may collect personal information without the knowledge or consent of the individual only if | |
|
||
|
||
|
||
|
||
Use without knowledge or consent | (2) For the purpose of clause 4.3 of Schedule 1, and despite the note that accompanies that clause, an organization may, without the knowledge or consent of the individual, use personal information only if | |
|
||
|
||
|
||
|
||
|
||
Disclosure
without knowledge or consent
|
(3) For the purpose of clause 4.3 of Schedule 1, and despite the note that accompanies that clause, an organization may disclose personal information without the knowledge or consent of the individual only if the disclosure is | |
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Use
without consent
|
(4)
Despite clause 4.5 of Schedule 1, an organization may use personal
information for purposes other than those for which it was
collected in any of the circumstances set out in subsection (2).
|
|
Disclosure
without consent
|
(5)
Despite clause 4.5 of Schedule 1, an organization may disclose
personal information for purposes other than those for which it
was collected in any of the circumstances set out in paragraphs
(3)(a) to (h.2).
|
|
Written
request
|
8.
(1)
A request under clause 4.9 of Schedule 1 must be made in writing.
|
|
Assistance
|
(2)
An organization shall assist any individual who informs the
organization that they need assistance in preparing a request to
the organization.
|
|
Time limit
|
(3)
An organization shall respond to a request with due diligence and
in any case not later than thirty days after receipt of the
request.
|
|
Extension of time limit | (4) An organization may extend the time limit | |
|
||
|
||
|
||
|
||
In either
case, the organization shall, no later than thirty days after the
date of the request, send a notice of extension to the individual,
advising them of the new time limit, the reasons for extending the
time limit and of their right to make a complaint to the
Commissioner in respect of the extension.
|
||
Deemed
refusal
|
(5)
If the organization fails to respond within the time limit, the
organization is deemed to have refused the request.
|
|
Costs for
responding
|
(6) An organization may respond to an individual's request at a cost to the individual only if | |
|
|
||
Reasons
|
(7)
An organization that responds within the time limit and refuses a
request shall inform the individual in writing of the refusal,
setting out the reasons and any recourse that they may have under
this Part.
|
|
Retention
of information
|
(8)
Despite clause 4.5 of Schedule 1, an organization that has
personal information that is the subject of a request shall retain
the information for as long as is necessary to allow the
individual to exhaust any recourse under this Part that they may
have.
|
|
When
access prohibited
|
9.
(1) Despite clause 4.9 of Schedule 1, an organization shall
not give an individual access to personal information if doing so
would likely reveal personal information about a third party.
However, if the information about the third party is severable
from the record containing the information about the individual,
the organization shall sever the information about the third party
before giving the individual access.
|
|
Limit
|
(2)
Subsection (1) does not apply if the third party consents to the
access or the individual needs the information because an
individual's life, health or security is threatened.
|
|
Information related to paragraphs 7(3)(c), (c.1) or (d) |
(2.1) An organization shall comply with subsection (2.2) if an individual requests that the organization | |
|
||
|
||
|
||
|
||
Notification and response | (2.2) An organization to which subsection (2.1) applies | |
|
||
|
||
|
||
|
||
Objection
|
(2.3) Within thirty days after the day on which it is notified under subsection (2.2), the institution or part shall notify the organization whether or not the institution or part objects to the organization complying with the request. The institution or part may object only if the institution or part is of the opinion that compliance with the request could reasonably be expected to be injurious to | |
|
||
|
||
Prohibition
|
(2.4) Despite clause 4.9 of Schedule 1, if an organization is notified under subsection (2.3) that the institution or part objects to the organization complying with the request, the organization | |
|
||
|
||
|
||
|
||
|
||
|
||
When access may be refused | (3) Despite the note that accompanies clause 4.9 of Schedule 1, an organization is not required to give access to personal information only if | |
|
||
|
||
|
||
|
||
|
||
However,
in the circumstances described in paragraph (b) or (c),
if giving access to the information would reveal confidential
commercial information or could reasonably be expected to threaten
the life or security of another individual, as the case may be,
and that information is severable from the record containing any
other information for which access is requested, the organization
shall give the individual access after severing.
|
||
Limit | (4)
Subsection (3) does not apply if the individual needs the
information because an individual's life, health or security is
threatened.
|
|
Notice
|
(5)
If an organization decides not to give access to personal
information in the circumstances set out in paragraph (3)(c.1),
the organization shall, in writing, so notify the Commissioner,
and shall include in the notification any information that the
Commissioner may specify.
|
|
Sensory
disability
|
10. An organization shall give access to personal information in an alternative format to an individual with a sensory disability who has a right of access to personal information under this Part and who requests that it be transmitted in the alternative format if | |
|
||
|
Continuation: Division 2 - Remedies
|