Module 3 Flashcards
How is personal information defined under PIPEDA?
- Information about an identifiable individual.
- Does not include de-identified information.
- BUT if the info can be traced back in any way, shape or form, then it is considered PII.
What are some examples of PII?
Name, gender, age, DOB, government-issued ID, race, marital status, citizenship, languages spoken, veteran status, disabilities, education, employment history, IP address.
NB. IP address at a library = not PII.
IP address at home = PII.
What is work product information?
Any information about an individual that is related to that individual’s position or function. It’s information that’s produced in the context of their work.
Which laws do not differentiate between work product information and personal information?
Quebec law and Alberta law
- work product information is protected by the legislation and therefore, consent required to use/collect/disclose it.
Which laws do differentiate between work product information and personal information?
BC law - Explicit carve-out for work product information, i.e. it doesn’t have the same protection that PII has under BC PIPA. It does not protect this type of information.
EXAMPLE – HR is carrying out interviews. The interviewer is taking notes. Those notes, i.e. the work product information, are accessible to the candidate upon request without getting the note taker’s consent. No consent is required because it’s work product information. Those notes were created by a particular individual, but they are not considered the PII of the interviewer. They are considered to be the PII of the interviewee and must be available on request without getting the note taker’s consent.
How does PIPEDA treat work product information?
PIPEDA has its own nuanced carve-out. It deals with this in section 7.
Work product information can be collected, used and disclosed **without consent** if it’s produced in the course of an individual’s work or business and the collection, use or disclosure is consistent with the purposes for which that info was produced.
So this is the circumstance when PIPEDA doesn’t apply, i.e. work product information is treated differently to PII.
Generally speaking, across Canada, is work product information considered PII?
No.
Is employee and work product information protected?
Several conflicting decisions. But, under PIPEDA, for example, there is no difference between personal information and employee related information or work-product information.
Views or opinions about an employee can also constitute personal information i.e. performance appraisals, internal investigation files, medical information, complaints filed about an employee.
Which laws contain formal definitions on what constitutes employee-related PII?
PIPEDA, BC, Alberta.
How is employee personal information defined in BC PIPA/AB PIPA/PIPEDA?
Any information collected, used or disclosed for the purposes of managing, establishing or terminating a relationship; consent is not needed.
i.e. there is a consent exemption.
How does Quebec treat employee data?
Express consent is required to collect/use employee data.
How does the Privacy Act define personal information?
The Privacy Act defines personal information as any recorded information about an identifiable individual.
What does the Privacy Act say about employment and work product related information?
There are some carve outs i.e. personal information does not include:
- The fact that an individual is or was an officer or employee of the federal government.
- The title, business address and telephone number of the individual.
- The classification, salary range and responsibilities of the position held by the individual.
- The personal opinions or views of the individual given in the course of employment.
- The name of an individual on a document prepared by an individual in the course of employment.
Which legislation has a definition for employee personal information?
PIPEDA, BC PIPA, AB PIPA.
Quebec does not define this.
How do PIPEDA, BC PIPA, AB PIPA define employee personal info?
Any info collected, used or disclosed in the context of managing, establishing or terminating a relationship.
This means that consent is not required to collect/use this information.