Interpretation
2 - DefinitionsPurpose
3 - PurposeApplication
4 - Application4.01 - Business contact information4.1 - Certificate under Canada Evidence Act5 - Compliance with obligations6 - Effect of designation of individual6.1 - Valid consent7 - Collection without knowledge or consent7.1 - Definitions7.2 - Prospective business transaction7.3 - Employment relationship7.4 - Use without consent8 - Written request9 - When access prohibited10 - Sensory disability
Filing of Complaints
11 - ContraventionInvestigations of Complaints
12 - Examination of complaint by Commissioner12.1 - Powers of CommissionerDiscontinuance of Investigation
12.2 - ReasonsCommissioner's Report
13 - ContentsHearing by Court
14 - Application15 - Commissioner may apply or appear16 - Remedies17 - Summary hearingsCompliance Agreements
17.1 - Compliance Agreements17.2 - Agreement complied with20 - Confidentiality21 - Not competent witness22 - Protection of Commissioner23 - Consultations with provinces23.1 - Disclosure of information to foreign state24 - Promoting the purposes of the Part25 - Annual report26 - Regulations27 - Whistleblowing27.1 - Prohibition28 - Offence and punishment*29 - Review of Part by parliamentary committee
Interpretation
31 - DefinitionsPurpose
32 - PurposeElectronic Alternatives
33 - Collection, storage, etc.34 - Electronic payment35 - Electronic version of statutory form36 - Documents as evidence or proof37 - Retention of documents38 - Notarial act39 - Seals40 - Requirements to provide documents or information41 - Writing requirements42 - Original documents43 - Signatures44 - Statements made under oath45 - Statements declaring truth, etc.46 - Witnessed signatures47 - CopiesRegulations and Orders
48 - Regulations49 - Amendment of schedules50 - Regulations51 - Effect of striking out listed provision52 to 57 - [Amendments]
58 and 59 - [Amendments]
60 to 71 - [Amendments]
4.1 - Principle 1: Accountability4.2 - Principle 2: Identifying Purposes4.3 - Principle 3: Consent4.4 - Principle 4: Limiting Collection4.5 - Principle 5: Limiting Use, Disclosure, and Retention4.6 - Principle 6: Accuracy4.7 - Principle 7: Safeguards4.8 - Principle 8: Openness4.9 - Principle 9: Individual Access4.10 - Principle 10: Challenging Compliance
breach of security safeguards means the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards that are referred to in clause 4.7 of Schedule 1 or from a failure to establish those safeguards. (atteinte aux mesures de sécurité)
(g) a bank or an authorized foreign bank as defined in section 2 of the Bank Act;
(iv) the disclosure is requested for the purpose of communicating with the next of kin or authorized representative of an injured, ill or deceased individual;
(d.3) made on the initiative of the organization to a government institution, a part of a government institution or the individual’s next of kin or authorized representative and
(d.4) necessary to identify the individual who is injured, ill or deceased, made to a government institution, a part of a government institution or the individual’s next of kin or authorized representative and, if the individual is alive, the organization informs that individual in writing without delay of the disclosure;
(2) In any proceedings arising from an application made under section 14 or 15, the Court shall take every reasonable precaution, including, when appropriate, receiving representations ex parte and conducting hearings in camera, to avoid the disclosure by the Court or any person of any information or other material that the organization would be authorized to refuse to disclose if it were requested under clause 4.9 of Schedule 1.
Disclosure of offence authorized
(2) The information that the Commissioner is authorized to disclose under subsection (1) is information that the Commissioner believes
(b) the information in the electronic document will be readable or perceivable by any person who is entitled to have access to the electronic document or who is authorized to require the production of the electronic document; and
(b) the person before whom the statement was made, and who is authorized to take statements under oath or solemn affirmation, signs it with that person’s secure electronic signature;
The way in which an organization seeks consent may vary, depending on the circumstances and the type of information collected. An organization should generally seek express consent when the information is likely to be considered sensitive. Implied consent would generally be appropriate when the information is less sensitive. Consent can also be given by an authorized representative (such as a legal guardian or a person having power of attorney).
The security safeguards shall protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. Organizations shall protect personal information regardless of the format in which it is held.
Care shall be used in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information (see Clause 4.5.3).
