Chapter 1 Canadian Privacy Basics Flashcards
What is Information Privacy?
The claim of individuals, groups, or institutions to determine for themselves when, how, and to what information about them is communicated to others
What is Privacy of the Person?
Protects bodily integrity and the freedom from physical contact that would reveal objects or matters a person wishes to conceal.
What is Territorial Privacy?
Places limitations on the ability of an individual or organization to intrude into another individuals physical environment.
Two Social Origins of Privacy?
Intertwined with religion and culture.
Arisen within the context of human rights
3 Perspectives of Privacy in Canada
Privacy of the individual vis a vis the state
Privacy of the individual vis a vis other individuals
Privacy of the individual vis a vis organizations
What are the Different World Models for Data Protection (5)
Comprehensive Laws
Sectoral Laws (US)
The Self-Regulatory Model (US, Japan, Singapore)
Seal Programs
The Technology-Based Model
3 Levels of Canadian Government
Federal Government
Provincial/Territorial
Municipal
What is the Technology-Based Data Protection Model?
Technological security measures can be undertaken to ensure the protection of individual’s personal data
Consumers may now select from a variety of technological means to ensure privacy and security are met
Trustworthiness of tech becomes a growing concern and needs to be tested
What is a Seal Program Data Protection Model?
Certifications provided by third Parties
Requires its participants to abide by codes of information practices and adhere to some variation of monitoring to ensure compliance
What is the Self-Regulated Data Protection Model?
Requires companies to abide by codes of practice as set by a company or group of companies as well as by industry and/or independent bodies to protect data
Two major issues with Self Regulated Model?
Adequacy - Provides limited data protection
Enforcement - Weak mechanisms
What is Sectoral Law Data Protection Model?
Protects PI through enactment of laws that specifically address particular sectors
Often used as a compliment to comprehensive for more specific protection
Two Major Drawbacks of Sectoral law Model?
Technological relevance - legislation often lags the technology that needs to be regulated
Oversight - lacks a central agency and a federal privacy mandate to provide oversight of the myriad data protection laws
What is the Comprehensive Law Data Protection Model?
Has an official or agency responsible for overseeing enforcement. Data Protection Authority DPA or Commissioner/ombudsman
Official ensure compliance with the law
2 Critical Issues with Comprehensive Model?
Data protection officials granted varying degrees of power
Countries choose to allocate varying levels of resources to the enforcement of data protection laws, leaving some countries inadequately funded and protected
What are the General Concepts of Generally Accepted Privacy Principles? (GAPP)
Jointly developed by the AICPA and CICA, meant to be used by any organization involved in handling of PI
Established to help businesses navigate competing interests of business, government and consumers
What are the Ten Principles of GAPP?
- Management
- Notices
- Choice and Consent
- Collection
- Use, Retention, and Disposal
- Access
- Disclosure to Third Parties
- Security for Privacy
- Quality
- Monitoring and Enforcement
10 Principles established by the CSA
- Accountability
- Identifying Purposes
- Consent
- Limiting Collection
- Limiting Use, Disclosure, and Retention
- Accuracy
- Safeguards
- Openness
- Individual Access
- Challenging Compliance
What is the CSA?
Canadian Standards Association:
Broke OECD’s Code into 10 principles
The ‘model code for the protection of personal information”
Became a schedule of PIPEDA
What is PI?
Any identifiable information about an individual
Employee Information Definition
in respect of an individual who is an employee or a potential employee, PI is reasonably required by an organization that is collected, used, or disclosed solely for the purposes of establishing managing, or terminating an employment relationship between the organization and the individual but does not include PI about the individual that is unrelated to that relationship.
Work-Product Information Definition
Related to that individual position, functions, and/or performance of their job
Note: Conflicts as to whether this is protected as PIPEDA does not distinguish these types of PI
Two Branches of Power in Canada
Legislative Branch
Members of the House of Commons and Senate
Introduce, Debate, and pass bills and policy
Oversight of executive branch (appoint several officers of parliment
Judiciary Branch
Headed by Supreme Court of Canada
Network of Federal and Provincial courts
What Areas are the Federal Government Responsible For?
Criminal Law
Banking
National Defense
Trade and Commerce
What Areas are the Provincial Government Responsible For?
Hospitals
Education
Provincial Courts
Municipalities
Property and Civil Rights Matters
Roles of Courts
Interpret Laws
Review laws and government actions to ensure rights and freedoms as enshrined in the Charter are upheld
General authority tor review most government decisions
Roles of Administrative Tribunals
Interpret laws and occasionally enforce charter rights
Vehicles of the executive branch. Organized to administer specific programs with a certain degree of expertise
Roles of Privacy Commissioner
Officer of Parliament, not a member of the executive branch of government
Accountable directly to the legislature
Required to table annual reports to parliament outlining work accomplished and conclusions of matters