Interpretation
2 - DefinitionsPurpose
3 - PurposeApplication
4 - Application4.01 - Business contact information4.1 - Certificate under Canada Evidence Act5 - Compliance with obligations6 - Effect of designation of individual6.1 - Valid consent7 - Collection without knowledge or consent7.1 - Definitions7.2 - Prospective business transaction7.3 - Employment relationship7.4 - Use without consent8 - Written request9 - When access prohibited10 - Sensory disability
Filing of Complaints
11 - ContraventionInvestigations of Complaints
12 - Examination of complaint by Commissioner12.1 - Powers of CommissionerDiscontinuance of Investigation
12.2 - ReasonsCommissioner's Report
13 - ContentsHearing by Court
14 - Application15 - Commissioner may apply or appear16 - Remedies17 - Summary hearingsCompliance Agreements
17.1 - Compliance Agreements17.2 - Agreement complied with20 - Confidentiality21 - Not competent witness22 - Protection of Commissioner23 - Consultations with provinces23.1 - Disclosure of information to foreign state24 - Promoting the purposes of the Part25 - Annual report26 - Regulations27 - Whistleblowing27.1 - Prohibition28 - Offence and punishment*29 - Review of Part by parliamentary committee
Interpretation
31 - DefinitionsPurpose
32 - PurposeElectronic Alternatives
33 - Collection, storage, etc.34 - Electronic payment35 - Electronic version of statutory form36 - Documents as evidence or proof37 - Retention of documents38 - Notarial act39 - Seals40 - Requirements to provide documents or information41 - Writing requirements42 - Original documents43 - Signatures44 - Statements made under oath45 - Statements declaring truth, etc.46 - Witnessed signatures47 - CopiesRegulations and Orders
48 - Regulations49 - Amendment of schedules50 - Regulations51 - Effect of striking out listed provision52 to 57 - [Amendments]
58 and 59 - [Amendments]
60 to 71 - [Amendments]
4.1 - Principle 1: Accountability4.2 - Principle 2: Identifying Purposes4.3 - Principle 3: Consent4.4 - Principle 4: Limiting Collection4.5 - Principle 5: Limiting Use, Disclosure, and Retention4.6 - Principle 6: Accuracy4.7 - Principle 7: Safeguards4.8 - Principle 8: Openness4.9 - Principle 9: Individual Access4.10 - Principle 10: Challenging Compliance
(2.3) Within thirty days after the day on which it is notified under subsection (2.2), the institution or part shall notify the organization whether or not the institution or part objects to the organization complying with the request. The institution or part may object only if the institution or part is of the opinion that compliance with the request could reasonably be expected to be injurious to
(c.1) the matter is the object of a compliance agreement entered into under subsection 17.1(1);
(1) If the Commissioner believes on reasonable grounds that an organization has committed, is about to commit or is likely to commit an act or omission that could constitute a contravention of a provision of Division 1 or 1.1 or a failure to follow a recommendation set out in Schedule 1, the Commissioner may enter into a compliance agreement, aimed at ensuring compliance with this Part, with that organization.
(2) A compliance agreement may contain any terms that the Commissioner considers necessary to ensure compliance with this Part.
Effect of compliance agreement — no application
(3) When a compliance agreement is entered into, the Commissioner, in respect of any matter covered under the agreement,
(4) For greater certainty, a compliance agreement does not preclude
(1) If the Commissioner is of the opinion that a compliance agreement has been complied with, the Commissioner shall provide written notice to that effect to the organization and withdraw any applications that were made under subsection 14(1) or paragraph 15(a) in respect of any matter covered under the agreement.
(2) If the Commissioner is of the opinion that an organization is not complying with the terms of a compliance agreement, the Commissioner shall notify the organization and may apply to the Court for
The striking out of a reference to a federal law or provision in Schedule 2 or 3 does not affect the validity of anything done in compliance with any regulation made under section 50 that relates to that federal law or provision while it was listed in that Schedule.
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.
Accountability for the organization’s compliance with the principles rests with the designated individual(s), even though other individuals within the organization may be responsible for the day-to-day collection and processing of personal information. In addition, other individuals within the organization may be delegated to act on behalf of the designated individual(s).
The identity of the individual(s) designated by the organization to oversee the organization’s compliance with the principles shall be made known upon request.
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.
The individual accountable for an organization’s compliance is discussed in Clause 4.1.1.
