Interpretation
2 - DefinitionsPurpose
3 - PurposeApplication
4 - Application4.01 - Business contact information4.1 - Certificate under Canada Evidence Act5 - Compliance with obligations6 - Effect of designation of individual6.1 - Valid consent7 - Collection without knowledge or consent7.1 - Definitions7.2 - Prospective business transaction7.3 - Employment relationship7.4 - Use without consent8 - Written request9 - When access prohibited10 - Sensory disability
Filing of Complaints
11 - ContraventionInvestigations of Complaints
12 - Examination of complaint by Commissioner12.1 - Powers of CommissionerDiscontinuance of Investigation
12.2 - ReasonsCommissioner's Report
13 - ContentsHearing by Court
14 - Application15 - Commissioner may apply or appear16 - Remedies17 - Summary hearingsCompliance Agreements
17.1 - Compliance Agreements17.2 - Agreement complied with20 - Confidentiality21 - Not competent witness22 - Protection of Commissioner23 - Consultations with provinces23.1 - Disclosure of information to foreign state24 - Promoting the purposes of the Part25 - Annual report26 - Regulations27 - Whistleblowing27.1 - Prohibition28 - Offence and punishment*29 - Review of Part by parliamentary committee
Interpretation
31 - DefinitionsPurpose
32 - PurposeElectronic Alternatives
33 - Collection, storage, etc.34 - Electronic payment35 - Electronic version of statutory form36 - Documents as evidence or proof37 - Retention of documents38 - Notarial act39 - Seals40 - Requirements to provide documents or information41 - Writing requirements42 - Original documents43 - Signatures44 - Statements made under oath45 - Statements declaring truth, etc.46 - Witnessed signatures47 - CopiesRegulations and Orders
48 - Regulations49 - Amendment of schedules50 - Regulations51 - Effect of striking out listed provision52 to 57 - [Amendments]
58 and 59 - [Amendments]
60 to 71 - [Amendments]
4.1 - Principle 1: Accountability4.2 - Principle 2: Identifying Purposes4.3 - Principle 3: Consent4.4 - Principle 4: Limiting Collection4.5 - Principle 5: Limiting Use, Disclosure, and Retention4.6 - Principle 6: Accuracy4.7 - Principle 7: Safeguards4.8 - Principle 8: Openness4.9 - Principle 9: Individual Access4.10 - Principle 10: Challenging Compliance
10.2
Notification to organizations
(1) An organization that notifies an individual of a breach of security safeguards under subsection 10.1(3) shall notify any other organization, a government institution or a part of a government institution of the breach if the notifying organization believes that the other organization or the government institution or part concerned may be able to reduce the risk of harm that could result from it or mitigate that harm, or if any of the prescribed conditions are satisfied.
Time to give notification
(2) The notification shall be given as soon as feasible after the organization determines that the breach has occurred.
Disclosure of personal information Communication de renseignements personnels
(3) In addition to the circumstances set out in subsection 7(3), for the purpose of clause 4.3 of Schedule 1, and despite the note that accompanies that clause, an organization may disclose personal information without the knowledge or consent of the individual if
(a) the disclosure is made to the other organization, the government institution or the part of a government institution that was notified of the breach under subsection (1); and
(b) the disclosure is made solely for the purposes of reducing the risk of harm to the individual that could result from the breach or mitigating that harm.
Disclosure without consent
(4) Despite clause 4.5 of Schedule 1, an organization may disclose personal information for purposes other than those for which it was collected in the circumstance set out in subsection (3).
2015, c. 32, s. 10.
