Private Sector Flashcards
What is PIPEDA?
Federal privacy law that governs the collection, use, and disclosure of personal information by the private sector for commercial purposes
What are the situations where PIPEDA does not apply?
Government institutions
Personal or domestic purpose
Journalistic, artistic or literary purpose
PIPEDA does not apply to Quebec, Alberta, and BC unless when?
It is a federal work (banks, telecom)
The personal information crosses provincial borders in the course of commercial activity
When a province has a legislation that matches PIPEDA, what does it have to do?
Communicate with Industry Canada (Innovation, Science and Economic Development Canada). They may consult with the OPC to assess the alignment between PIPEDA and provincial law
PIPEDA does not apply to what type of info?
Does not apply to information that is publicly available and can be found in publications.
Information for the purpose of communication with the individual in relation to their employment, business, or profession
Certain organizations, such as investigative bodies and organizations in regulated professions
Collection of personal information for the purpose of establishing, managing, or terminating an employment
Collection of personal information if it is part of a business transaction.
What are the privacy principles under PIPEDA
Accountability
Consent
Identifying purpose
Limiting collection of information
Limiting use, disclosure and retention
Accuracy
Safeguard
Openness
Individual access
Challenging compliance
What are the legal grounds in Alberta’s Personal Information Protection Act (PIPA) for use, disposal and retention of personal data
Vital interest, legal obligation, and performance of labor contract as consent
What type of consent is required in BC’s PIPA?
Explicit or implied before data collection
Does BC’s PIPA differ to PIPEDA where federal jurisdictions prevail
Yes
Can organizations outsource their privacy obligations
No
Does BC’s PIPA preside over conflicting provincial law?
Yes
Which provinces’ health privacy laws are similar to PIPEDA?
Ontario
Newfoundland and Labrador
New Brunswick
Nova Scotia
What does PIPEDA Accountability principle mean
Ensuring there is a designated position handling matters
Responsible for 3rd party processing
Implementation of policies and practices
What is PIPEDA’s identifying purpose
The purpose for which the information is collected must be identified by the organization at or before the time of data collection
Purposes must be documented and identified at collection, any new purpose must be identified, and the purpose of collection must be explained.
What are the principles of PIPEDA Consent
Freely given
Consent at the time of collection
Informed and knowledgeable
Withdrawal
Under PIPEDA, when can personal information be collected, used, or disclosed without the knowledge and consent of the individual
Emergencies
Detection and prevention of fraud or law enforcement
Minor or mentally incapacitated
What is the fine amount for PIPEDA
10k for summary conviction or 100k for indictable offenses
Risks associated with non-compliance
Complaints and investigation
Public disclosure
Legal remedies
Financial loss
Risk of class action lawsuits
What are the three types of breach notification
Notification to OPC, individual and other organizations
Which provinces’ health legislation is similar to PIPEDA?
New Brunswick
Ontario
Newfoundland and Labrador
Nova Scotia
What provinces refer to entities managing personal health info as Custodians
Alberta
Nova Scotia
Newfoundland and Labrador
New Brunswick
What provinces refer to entities managing personal health info as trustees
Manitoba
Saskatchewan
Ontario PHIPA applies to what
Gathering of personal health data by custodians
Usage and sharing of data
Handling of a health number by any custodians
Is the timeframe of when the info is received relevant under ON PHIPA?
The timeframe of when the information was received is irrelevant under ON PHIPA