Canadian Privacy Basics - Chapter 1

Question 1

1.6.1 What is not considered Personal Information?

Answer 1

Purely corporate info, such as corporate trade secrets, and
Non-identifiable info belonging to groups of people.

Question 2

1.5.3.2 What is the difference between contracts / tort-based privacy rights and charter-based privacy rights, and how is each one enforced?

Answer 2

Contracts and tort-based privacy rights arise between private parties and can be enforced by the courts.

Charter based privacy rights arise in actions against the government.

Question 3

1.5.3 Which provinces use common law?

Answer 3

All provinces except Quebec, who uses civil law.

Question 4

1.5.3.1.2 What does Section 8 say of the Charter of Rights and Freedoms?

Answer 4

Everyone has the right to be secure against unreasonable search and seizure.

Note: this section is triggered when the state interferes with an individual’s reasonable expectation of privacy and when such interference itself is found to be unreasonable.

Question 5

1.5.3.1.2 What does Section 7 of the Charter of Rights and Freedoms say?

Answer 5

Everyone has the right to life, liberty and the security of the person and the right not to be deprived thereof, except in accordance with the principles of fundamental justice.

Note: although not explicitly stating Privacy, case law is emerging that supports the view that Section 7 serves as a source of constitutional protection of the right to privacy.

Question 6

1.5.3.1.3 What are contracts and when are they used?

Answer 6

Contracts are private laws created by parties who agree to be bound by certain terms.

Note: privacy rights can be created and protected by contracts (e.g. Privacy terms).

Contracts are most often used in outsourcing situations when one party provides PI under its control to another party.

Question 7

1.5.3.1.2 What is common law?

Answer 7

Referred to as judge made law, derived from various rulings, decisions and interpretations.

Question 8

1.5.2 What branch of the government are administrative tribunals associated with?

Answer 8

Administrative tribunals are associated with the executive branch and are organized to administer specific programs, such as regulation of broadcasting and telecommunications, the immigration system and labour relations for federal employees.

Question 9

1.5.2 What is the role of administrative tribunals?

Answer 9

Administrative tribunals interpret laws and sometimes enforce the Charter of Rights.

Question 10

1.5.3.1.1 What is the significance of the Privacy Act?

Answer 10

The Privacy Act imposes rules that govern the collection, use and disclosure of personal information by the government.

The Privacy Act provides for a right of access to the collected PI.

The Privacy Act sets up the OPC to oversee and enforce the Act.

Question 11

1.5.3 What is civil law?

Answer 11

Laws are codified into a civil code, which obviates the need to search through the judicial decisions to determine what laws exist.

Question 12

1.5.2 What are Charter Rights?

Answer 12

1. Charter rights are those created by the Canadian Charter of Rights and Freedoms.
2. Charter rights are constitutional rights and are considered the most valued rights in Canada.
3. The Charter was made part of the constitution in 1982.

Question 13

1.5.1 In the context of privacy protection, what do the provinces have jurisdiction over?

Answer 13

Provinces are given the jurisdiction to legislate matters concerning property and civil rights, an area generally thought to include privacy rights.

The Federal government delegates jurisdiction to each particular territorial government.

Question 14

1.5.1 What are the separate areas of jurisdiction for federal and provincial levels of government?

Answer 14

1. Federal - responsible for criminal law, banking, national defence, trade and commerce.
2. Provincial - hospitals, education, provincial courts and municipalities.

Question 15

1.5.1 What is the judiciary branch of government?

Answer 15

Made up of a network of federal and provincial courts that hear and decide on criminal and civil matters.

Question 16

1.5.1 Who regulates privacy and Canadian commerce, and why?

Answer 16

The federal government, based on the constitution act of 1867.

Question 17

1.5 What system of government is used at the federal and provincial levels?

Answer 17

The Parliamentary system.

Question 18

1.5 How are senate representatives chosen?

Answer 18

By appointment by the governor in council on the recommendation of the prime minister.

Question 19

1.5 How does the legislative branch oversee the executive branch?

Answer 19

By appointing officers of Parliament, including the auditor general and the privacy commissioner.

Question 20

1.5.1 What is the legislative branch of government?

Answer 20

Comprised of members of the House of Commons and the Senate, the legislative branch introduces, debates and passes bills and policy.

Question 21

1.5 How are representatives of the House of Commons chosen?

Answer 21

They are elected in general elections that are held every 4 years.

Question 22

1.5 Where are laws introduced and debated?

Answer 22

In either the House of Commons or the Senate.

Question 23

1.5 What are the 3 levels of government?

Answer 23

1. Federal
2. Provincial
3. Municipal

Question 24

1.5.2 What is the role of the OPC?

Answer 24

The privacy commissioner is:
* an officer of Parliament, not a member of the executive branch
* accountable directly to the legislature.
* responsible for and required to provide annual reports to Parliament, with accomplishments and conclusions

Question 25

1.4.1 What is the Comprehensive Laws model?

Answer 25

Laws that govern the collection, use and dissemination of personal information in the public and private sectors.

Question 26

1.4.1 What are the characteristics of the Comprehensive Laws model?

Answer 26

1. Laws govern the collection, use and dissemination of personal info in public and private sectors
2. An official agency oversees enforcement, known as a Data Protection Authority or commissioner/ ombudsperson in Canada
3. Enforcement and funding are critical.

Question 27

1.4.2 What are 2 major drawbacks of the Sectoral Laws model of data protection?

Answer 27

1. Technological relevance: legislation often lags behind the technology that needs to be regulated
2. Lack of a central agency and federal privacy mandate to provide oversight of myriad data protection laws, which can lead to overlapping regulations, causing conflicting obligations and compliance requirements.

Question 28

1.4.2 What is the Sectoral Laws model?

Answer 28

This framework protects personal information through the enactment of laws that specifically addresses particular industry sectors.

Question 29

1.4.2 Where are Sectoral Laws practiced?

Answer 29

United States

Question 30

1.4.3 Where is the self-regulatory model practiced?

Answer 30

United States, Japan and Singapore

Question 31

1.4.1 Where are Comprehensive Data Laws practiced?

Answer 31

Canada and the E.U.

Question 32

1.4.1 Why would a country move towards comprehensive data and privacy laws?

Answer 32

A combination of 3 factors:

1. Remedy past injustices
2. Promote electronic commerce
3. Ensure consistency with pan-European laws

Question 33

1.1 What is territorial privacy?

Answer 33

Territorial privacy is concerned with placing limitations on the ability of an individual or organization to intrude into another individual’s physical environment.

Note: spaces include: home, hotels, meeting places, some public spaces.

Intrusions include physical searches, video or audio surveillance, ID checks.

Question 34

1.1 By law, what is information privacy concerned with?

Answer 34

By law, information privacy is concerned with establishing rules that govern the collection and handling of ‘personal information’.

This can include financial information, medical data or other records.

Question 35

1.1 What is the assumption when predicting how information is protected?

Answer 35

Information’s protection is predicted on the assumption that all information about a person fundamentally belongs to them, for them to communicate or retain as they see fit.

Question 36

1.1 Classes of Privacy: What is Privacy of the Person?

Answer 36

Privacy of the Person protects bodily integrity, and in particular the freedom from physical contact that would reveal objects or matters a person wishes to conceal.

Bodily privacy is focused on exclusively on a person’s physical body.

Question 37

1.2 When was the first modern data protection law enacted?

Answer 37

The German state of Hesse enacted the first known data protection law in 1970.

Question 38

1.2 What did the increased use of IT systems bring, and when?

Answer 38

With the advent of IT in the 1960s, for managing and conveying data including personal information, spurred an acute interest in privacy practices and the privacy rights of individuals.

Question 39

1.2 What is the American Declaration of the rights and duties of Man?

Answer 39

Every person has the right to the protection of the law against abusive attacks upon his private and family life.

Question 40

1.3 What are the 3 perspectives on Canadian privacy?

Answer 40

1. Privacy of the Individual vis-a-vis the State.
2. Privacy of the Individual vis-a-vis other individuals.
3. Privacy of the Individual vis-a-vis organizations.

Question 41

1.3 What is Privacy of the Individual vis-a-vis the state?

Answer 41

The extent to which an individual is free to live their life without the state interfering or knowing what the individual is doing.

Question 42

1.3 What is Privacy of the Individual vis-a-vis organizations?

Answer 42

The extent an organization can collect, use and disclose personal information about an individual and, once collected, what obligations they have.

Question 43

1.3 What is Privacy of the Individual vis-a-vis other individuals?

Answer 43

To what extent an individual can live life free from intrusion from another individual, such as a neighbour, co-worker, spouse, parent or child.

Question 44

1.4 What are the different models of data protection?

Answer 44

1. Comprehensive Laws
2. Sectoral Laws
3. Self-regulatory model
4. Seal programs
5. Technology based model

Question 45

What is the responsibility of the DPA?

1.4.1 Comprehensive Laws

Answer 45

1. Ensures compliance with the law
2. Investigates alleged reaches of the law
3. Public education on data protection
4. International liaison for data protection issues
5. Varying degrees of power from country to country

Note: Europe has a Data Protection Authority
Canada has a commissioner/ombudsperson

Question 46

1.4.5 What are some examples of a technology based model of data protection?

Answer 46

1. Digital encryption
2. Secure file transfer protocol

Question 47

1.4.4 What are Seal programs?

Answer 47

Certifications and attestations provided by third parties.

Question 48

1.6.1 What is personal information?

Answer 48

Any identifiable information about an individual.

Question 49

1.6.1 What are 9 examples of Personal Information under the Privacy Act?

Answer 49

1. Info relating to race, origin, colour, religion, age, marital status
2. Information relating to the education or the medical, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved
3. Identifying number, symbol, or other particular assigned to an individual
4. The address, fingerprints or blood type of the individual
5. Opinions/views of the individual, except if they’re about another individual, a proposal for a grant, award or prize made to another individual by a government institution
6. Correspondence sent to a government institution by an individual that is personal in nature, and replies to such correspondence that would reveal the contents of the original correspondence
7. The views or opinions of another individual about the individual
8. The views or opinions of another individual about a proposal for a grant, and award or a prize to be made to the individual by an institution or a part of an institution referred to in #5, but excluding the name of the other individual where it appears with the views or opinions of the other individuals
9. The name of the individual where it appears with other personal information relating to the individual or where the disclosure of the name itself would reveal information about the individual

Question 50

1.6.2 What does the federal Privacy Act consider about opinions about an individual?

Answer 50

The federal Privacy Act consider opinions about an individual to be Personal Information, which gives right of access to one’s own personal information, such as a documented opinion (such as a personnel review).

Note: the Privacy Act allows for the individual to know the name of the person who provided the opinion.

Question 51

1.6.1 What was the Supreme Court’s ruling on the definition of Personal Information?

Answer 51

The intent of the deliberately broad definition is to capture any information about a specific person, subject only to specific examples.

Question 52

1.6.1 Is information that does not identify an individual by itself considered personal information?

Answer 52

Yes, if it is combined with other information that could identify an individual.

Question 53

1.6.1 What is NOT considered personal information for public sector employees

Answer 53

1. The fact that the individual was, or is, a public sector employee
2. Title, business address and telephone number of the individual
3. The classification, salary range and responsibilities of the individual’s position.
4. The name on a document of the individual, prepared by the individual during the course of employment.
5. The personal opinions and views given by the individual during the course of employment.

Question 54

1.6.1 How is personal information defined according to PIPEDA?

Answer 54

Information about an identifiable individual’

Question 55

1.6.1 Who does PIPEDA apply to?

Answer 55

Every organization that collects, uses or discloses in the course of commercial activities.

Question 56

1.6.2 Does PIPEDA differentiate between regular personal information and employee related information or work product information?

Answer 56

No, and this has caused several interpretations of the definition of Personal Information, as well as conflicting decisions.

Question 57

1.6.5 What are the differences between CSA and GAPP?

Answer 57

1. CSA (1996):
   a. broken into 10 principles
   b. incorporated into PIPEDA
   c. was influenced by OECD (1981)
   d. developed in order to find a balance between legitimate business interests and the individual right to privacy
   e. influenced by a committee of representatives from multiple sectors and areas
2. GAPP
   a. 10 principles developed by accountants
   b. principles were established to help businesses navigate the competing interests of business, government and consumers
   c. each principle is supported by objective and measurable criteria

Question 57

1.6.5 What are the differences between CSA and GAPP?

Answer 57

1. CSA (1996):
   a. broken into 10 principles
   b. incorporated into PIPEDA
   c. was influenced by OECD (1981)
   d. developed in order to find a balance between legitimate business interests and the individual right to privacy
   e. influenced by a committee of representatives from multiple sectors and areas
2. GAPP
   a. 10 principles developed by accountants
   b. principles were established to help businesses navigate the competing interests of business, government and consumers
   c. each principle is supported by objective and measurable criteria