Interpretation
2 - DefinitionsPurpose
3 - PurposeApplication
4 - Application4.01 - Business contact information4.1 - Certificate under Canada Evidence Act5 - Compliance with obligations6 - Effect of designation of individual6.1 - Valid consent7 - Collection without knowledge or consent7.1 - Definitions7.2 - Prospective business transaction7.3 - Employment relationship7.4 - Use without consent8 - Written request9 - When access prohibited10 - Sensory disability
Filing of Complaints
11 - ContraventionInvestigations of Complaints
12 - Examination of complaint by Commissioner12.1 - Powers of CommissionerDiscontinuance of Investigation
12.2 - ReasonsCommissioner's Report
13 - ContentsHearing by Court
14 - Application15 - Commissioner may apply or appear16 - Remedies17 - Summary hearingsCompliance Agreements
17.1 - Compliance Agreements17.2 - Agreement complied with20 - Confidentiality21 - Not competent witness22 - Protection of Commissioner23 - Consultations with provinces23.1 - Disclosure of information to foreign state24 - Promoting the purposes of the Part25 - Annual report26 - Regulations27 - Whistleblowing27.1 - Prohibition28 - Offence and punishment*29 - Review of Part by parliamentary committee
Interpretation
31 - DefinitionsPurpose
32 - PurposeElectronic Alternatives
33 - Collection, storage, etc.34 - Electronic payment35 - Electronic version of statutory form36 - Documents as evidence or proof37 - Retention of documents38 - Notarial act39 - Seals40 - Requirements to provide documents or information41 - Writing requirements42 - Original documents43 - Signatures44 - Statements made under oath45 - Statements declaring truth, etc.46 - Witnessed signatures47 - CopiesRegulations and Orders
48 - Regulations49 - Amendment of schedules50 - Regulations51 - Effect of striking out listed provision52 to 57 - [Amendments]
58 and 59 - [Amendments]
60 to 71 - [Amendments]
4.1 - Principle 1: Accountability4.2 - Principle 2: Identifying Purposes4.3 - Principle 3: Consent4.4 - Principle 4: Limiting Collection4.5 - Principle 5: Limiting Use, Disclosure, and Retention4.6 - Principle 6: Accuracy4.7 - Principle 7: Safeguards4.8 - Principle 8: Openness4.9 - Principle 9: Individual Access4.10 - Principle 10: Challenging Compliance
9
When access prohibited
(1) Despite clause 4.9 of Schedule 1, an organization shall not give an individual access to personal information if doing so would likely reveal personal information about a third party. However, if the information about the third party is severable from the record containing the information about the individual, the organization shall sever the information about the third party before giving the individual access.
Limit
(2) Subsection (1) does not apply if the third party consents to the access or the individual needs the information because an individual’s life, health or security is threatened.
Information related to paragraphs 7(3)(c), (c.1) or (d)
(2.1) An organization shall comply with subsection (2.2) if an individual requests that the organization
(a) inform the individual about
(i) any disclosure of information to a government institution or a part of a government institution under paragraph 7(3)(c), subparagraph 7(3)(c.1)(i) or
(ii) or paragraph 7(3)(c.2) or (d), or
(b) give the individual access to the information referred to in subparagraph (a)(ii).
Notification and response
(2.2) An organization to which subsection (2.1) applies
(a) shall, in writing and without delay, notify the institution or part concerned of the request made by the individual; and
(b) shall not respond to the request before the earlier of
(i) the day on which it is notified under subsection (2.3), and
(ii) thirty days after the day on which the institution or part was notified.
Objection
(2.3) Within thirty days after the day on which it is notified under subsection (2.2), the institution or part shall notify the organization whether or not the institution or part objects to the organization complying with the request. The institution or part may object only if the institution or part is of the opinion that compliance with the request could reasonably be expected to be injurious to
(a) national security, the defence of Canada or the conduct of international affairs;
(a.1) the detection, prevention or deterrence of money laundering or the financing of terrorist activities; or
(b) the enforcement of any law of Canada, a province or a foreign jurisdiction, an investigation relating to the enforcement of any such law or the gathering of intelligence for the purpose of enforcing any such law.
Prohibition
(2.4) Despite clause 4.9 of Schedule 1, if an organization is notified under subsection (2.3) that the institution or part objects to the organization complying with the request, the organization
(a) shall refuse the request to the extent that it relates to paragraph (2.1)(a) or to information referred to in subparagraph (2.1)(a)(ii);
(b) shall notify the Commissioner, in writing and without delay, of the refusal; and
(c) shall not disclose to the individual
(i) any information that the organization has relating to a disclosure to a government institution or a part of a government institution under para graph 7(3)(c), subparagraph 7(3)(c.1)(i) or (ii) or paragraph 7(3)(c.2) or (d) or to a request made by a government institution under either of those subparagraphs,
(ii) that the organization notified an institution or part under paragraph (2.2)(a) or the Commissioner under paragraph (b), or
(iii) that the institution or part objects.
When access may be refused
(3) Despite the note that accompanies clause 4.9 of Schedule 1, an organization is not required to give access to personal information only if
(a) the information is protected by solicitor-client privilege or, in civil law, by the professional secrecy of lawyers and notaries;
(b) to do so would reveal confidential commercial information;
(c) to do so could reasonably be expected to threaten the life or security of another individual;
(c.1) the information was collected under para graph 7(1)(b);
(d) the information was generated in the course of a formal dispute resolution process; or
(e) the information was created for the purpose of making a disclosure under the Public Servants Disclosure Protection Act or in the course of an investigation into a disclosure under that Act.
However, in the circumstances described in para graph (b) or (c), if giving access to the information would reveal confidential commercial information or could reasonably be expected to threaten the life or security of another individual, as the case may be, and that information is severable from the record containing any other information for which access is requested, the organization shall give the individual access after severing.
Limit
(4) Subsection (3) does not apply if the individual needs the information because an individual’s life, health or security is threatened.
Notice
(5) If an organization decides not to give access to personal information in the circumstances set out in paragraph (3)(c.1), the organization shall, in writing, so notify the Commissioner, and shall include in the notification any information that the Commissioner may specify.
2000, c. 5, s. 9, c. 17, s. 97; 2001, c. 41, s. 82; 2005, c. 46, s. 57; 2006, c. 9, s. 223; 2015, c. 32, s. 9.
