CIPP/C Text Chapter 1 - Canadian Privacy Basics

Question 1

Define Privacy in it’s simplest terms as per Canadian Privacy Basics

Answer 1

The right to be let alone

Question 2

What are the three Canadian classes of Privacy

Answer 2

Information Privacy, Privacy of the Person and Territorial Privacy

Question 3

What is Information Privacy

Answer 3

All information about a person belongs to them. An individual will determine when. how and what information about them is shared with others

Question 4

What is Privacy of the Person

Answer 4

Protects bodily integrity and freedom from physical contact. invasions include testing and body cavity searches

Question 5

What is Territorial Privacy

Answer 5

The ability of an individual or organization to intrude into another’s physical environment. This would relate to privacy in the home where the most intimate and private activities would occur. invasions would include: audio/video surveillance and physical property searches

Question 6

Generally, Privacy is in Canada is approached in one of 3 ways - name them

Answer 6

Privacy of the individual against the state, Privacy of the individual against other individuals, and Privacy of the individual against an organization

Question 7

What is Privacy of the individual against the state

Answer 7

The extent to which an individual is free to live their life without the state interfering

Question 8

What is Privacy of the individual against other individuals

Answer 8

The extent and individual can live free from intrusion from another individual such as neighbour, coworker, spouse or child

Question 9

What is Privacy against an organization

Answer 9

The extent to which organizations can collect, use, and disclose personal information about an individual. Including what obligations the organization has once they have collected the individuals information

Question 10

What is comprehensive Privacy Laws

Answer 10

these laws govern the collection, use and disclosure of personal information in the public and private sectors. Typically this includes an official or agency responsible for overseeing enforcement of such laws. Typically seen in Canada and the European Union

Question 11

What is sectoral Privacy Laws

Answer 11

Sectoral framework protects personal information through the enactment of individual laws often particular to industry sectors. Sectoral law would require new legislation every time a new technology is introduced and lacks a central agency or enforcement of the laws. This approach is used in the United States

Question 12

What is the self regulatory model

Answer 12

This model requires companies to abide by the code of practice set up by a company or group of companies in an industry or could be industry led. This approach is used in the United States, Japan and Singapore

Question 13

What are seal programs

Answer 13

A seal program requires participants to abide by codes of information practices and adhere to monitoring . These companies wold be allowed to display the appropriate Privacy Seal on their website

Question 14

What is the federal privacy commissioner

Answer 14

The federal Privacy Commissioner is officer of Parliament and is accountable directly to the legislature.

Question 15

What is the federal Privacy Act

Answer 15

the Federal Privacy Act imposes rules that govern the governments collection, use and disclosure of personal information. It also provides for a right of access to that information and sets up the Office of the Privacy Commissioner (OPC) to oversee and enforce the act

Question 16

What Privacy Act is the private sector governed by

Answer 16

PIPEDA Personal Information Protection & Electronics Document Act

Question 17

How is Privacy treated un contracts

Answer 17

contracts are private laws created by parties who agree to be bound by certain terms. Typically one party provide personal information under its control to another party. The receiving party is asked to be contractually bound to protect that personal information

Question 18

Define personal information

Answer 18

Personal information can be defined as any identifiable information about a person. These could include but not limited to: race, religion, colour, age, marital status, health information, financial information, address, finger prints, identifying number (account number), views, opinions, correspondence, etc.

Question 19

How does PIPEDA apply to Employee and work product information

Answer 19

PIPEDA does not differentiate from regular personal information and employee related information. This can include performance appraisals, internal investigation files, medical information, or complaints filed against the employee

Question 20

How does PIPEDA apply to Public Records

Answer 20

PIPEDA states that an organization can collect, use and disclose any Personal Information that is publicly available without the knowledge or consent of the individual

Question 21

How is personal information and Private/Sensitive information treated

Answer 21

Federally there is no distinction, personal information is any information about an identifiable individual - some Provinces give further guidance about what types of information would merit additional protection like: health, financial, credit, etc.

Question 22

What are the 10 Privacy Principles of PIPEDA

Answer 22

1) Accountability 2) Identifying Purposes 3) Consent 4) Limiting collection 5) Limiting use, disclosure & retention 6) Accuracy 7) safeguards 8) openness 9) Indivdual access 10) Challenging compliance