
Privacy of Personal Information

By Absolute
On January 1, 2004, Canada's Privacy Act, lovingly called PIPEDA, comes into effect for ALL private commercial activity. This means companies, individuals, associations, non-profit etc. need a privacy policy and procedures. My recent experience indicates the majority of the private sector is unaware of these requirements.


Late on parade!

by GuruOfDos In reply to Privacy of Personal Infor ...

This has been in existence for years (literally) in most European countries. The 'Freedom of Information Act' and 'Data Protection Act' here in the UK have been in force for some time now.

Freedom of Information gives any individual or business the right to see what data is being stored by any other entity, and to ensure that any data held is correct and accurate. This applies to such things as credit files, medical records, employment records, tax files, etc. and concerns any data or information stored in electronic form. Access to this information is legally enforceable, but doesn't have to be free! Often there is a nominal charge to request copies of any data held, but there is no legal way of preventing this data from being released...but only to the person or entity requesting THEIR DATA...I cannot see any data held on my next door neighbours for instance!

This then leads into the Data Protection Act. This governs the usage to which stored data on any individual or entity may be applied. Data may not be released to any third party without express permission, and then under certain conditions. For example, Police or Government agencies may be allowed to access certain data if it is in the 'National Interest' or where it can be shown that the information may be used to effect a criminal prosecution or used to prevent fraud, but this can often only be done with a court order.

The powers under these Acts are sweeping and even the most 'innocent' storage of data is covered by these Acts. Any person or entity storing any kind of personal data on an information retrieval system has to register under these Acts and show compliance with these Acts. Even storing personal email addresses or telephone numbers in the Windows Address Book constitutes storage of personal data and is covered by the Acts!

I recently heard of a case here in the UK where an employee of a company had CC'd (not BCC'd) an email to several people on a mailing list. One of the recipients had kicked up a fuss on the grounds that his e-mail address had in this way been made public to the other recipients, and that by looking at the CC list, other people had been able to obtain his email address, which then infringed the Data Protection Act! He won his case and the company concerned were subsequently fined a five-figure sum, not only for disseminating private information but for not having registered under the Act.


Better late than never

by Absolute In reply to Privacy of Personal Infor ...

Thanks for your valued comments. I know the EC was instrumental in pushing for a National Privacy Policy. Canada has integrated the CSA 830 Standard into their policy - as of Jan 1 2004, all commercial activity will be subject to the new PIPEDA law. Singapore has adopted our Standard also.

