Interpretation
2 - DefinitionsPurpose
3 - PurposeApplication
4 - Application4.01 - Business contact information4.1 - Certificate under Canada Evidence Act5 - Compliance with obligations6 - Effect of designation of individual6.1 - Valid consent7 - Collection without knowledge or consent7.1 - Definitions7.2 - Prospective business transaction7.3 - Employment relationship7.4 - Use without consent8 - Written request9 - When access prohibited10 - Sensory disability
Filing of Complaints
11 - ContraventionInvestigations of Complaints
12 - Examination of complaint by Commissioner12.1 - Powers of CommissionerDiscontinuance of Investigation
12.2 - ReasonsCommissioner's Report
13 - ContentsHearing by Court
14 - Application15 - Commissioner may apply or appear16 - Remedies17 - Summary hearingsCompliance Agreements
17.1 - Compliance Agreements17.2 - Agreement complied with20 - Confidentiality21 - Not competent witness22 - Protection of Commissioner23 - Consultations with provinces23.1 - Disclosure of information to foreign state24 - Promoting the purposes of the Part25 - Annual report26 - Regulations27 - Whistleblowing27.1 - Prohibition28 - Offence and punishment*29 - Review of Part by parliamentary committee
Interpretation
31 - DefinitionsPurpose
32 - PurposeElectronic Alternatives
33 - Collection, storage, etc.34 - Electronic payment35 - Electronic version of statutory form36 - Documents as evidence or proof37 - Retention of documents38 - Notarial act39 - Seals40 - Requirements to provide documents or information41 - Writing requirements42 - Original documents43 - Signatures44 - Statements made under oath45 - Statements declaring truth, etc.46 - Witnessed signatures47 - CopiesRegulations and Orders
48 - Regulations49 - Amendment of schedules50 - Regulations51 - Effect of striking out listed provision52 to 57 - [Amendments]
58 and 59 - [Amendments]
60 to 71 - [Amendments]
4.1 - Principle 1: Accountability4.2 - Principle 2: Identifying Purposes4.3 - Principle 3: Consent4.4 - Principle 4: Limiting Collection4.5 - Principle 5: Limiting Use, Disclosure, and Retention4.6 - Principle 6: Accuracy4.7 - Principle 7: Safeguards4.8 - Principle 8: Openness4.9 - Principle 9: Individual Access4.10 - Principle 10: Challenging Compliance
4.9
Principle 9: Individual Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Note: In certain situations, an organization may not be able to provide access to all the personal information it holds about an individual. Exceptions to the access requirement should be limited and specific. The reasons for denying access should be provided to the individual upon request. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege.
4.9.1
Upon request, an organization shall inform an individual whether or not the organization holds personal information about the individual. Organizations are encouraged to indicate the source of this information. The organization shall allow the individual access to this information. However, the organization may choose to make sensitive medical information available through a medical practitioner. In addition, the organization shall provide an account of the use that has been made or is being made of this information and an account of the third parties to which it has been disclosed.
4.9.2
An individual may be required to provide sufficient information to permit an organization to provide an account of the existence, use, and disclosure of personal information. The information provided shall only be used for this purpose.
4.9.3
In providing an account of third parties to which it has disclosed personal information about an individual, an organization should attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed information about an individual, the organization shall provide a list of organizations to which it may have disclosed information about the individual.
4.9.4
An organization shall respond to an individual’s request within a reasonable time and at minimal or no cost to the individual. The requested information shall be provided or made available in a form that is generally understandable. For example, if the organization uses abbreviations or codes to record information, an explanation shall be provided.
4.9.5
When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, the organization shall amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.
4.9.6
When a challenge is not resolved to the satisfaction of the individual, the substance of the unresolved challenge shall be recorded by the organization. When appropriate, the existence of the unresolved challenge shall be transmitted to third parties having access to the information in question.
