The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Wednesday, September 29, 2004
Human Resources and Skills Development Canada has proposed amendments to the Employment Insurance Regulations to ensure that HRSDC has access to employee payroll information to detect fraud and abuse of the Employment Insurance Program. The National Post has a large front page story on this, saying that the fraud detection program has been on hold for nine months because of fears of transgressing federal and provincial privacy laws. I would have suggested that this information collection without consent was already allowed under PIPEDA, the Alberta Personal Information Protection Act and BC's Personal Information Protection Act. Better to be safe than sorry ...
"REGULATORY IMPACT ANALYSIS STATEMENT
Description
The purpose of the proposed amendment to the Employment Insurance Regulations is to ensure that earnings verification programs conducted by Human Resources and Skills Development Canada (HRSDC), formerly Human Resources Development Canada, in cooperation with employers, satisfy the requirements of federal and provincial legislation pertaining to the disclosure of personal information.
As of January 1, 2004, subsection 7(3) of the federal Personal Information Protection and Electronic Documents Act (PIPEDA), applies to employers who fall under federal jurisdiction (i.e. airlines, banks, interprovincial transportation, radio and television broadcasting or telecommunications industries). Under the Act, these employers may not disclose personal information about an employee to HRSDC without the employee's consent unless HRSDC can demonstrate that it has the lawful authority to obtain this information. In addition, Quebec, British Columbia and Alberta have enacted privacy protection legislation requiring HRSDC to have lawful authority before it can obtain employee information from private sector employers in those provinces without employee consent. Similar legislation is being developed in other provinces.
With the implementation of the above-mentioned privacy legislation, regulatory clarification is required to ensure the ongoing functions of two verification programs administered by the Employment Insurance (EI) program: the Automated Earnings Reporting System (AERS) and the Report on Hirings (ROH) Program. These voluntary programs involve the comparison of EI claim files with current employee information provided to HRSDC by employers. HRSDC's lawful authority to obtain this information needs to be made explicit as a result of PIPEDA implementation. The AERS and ROH programs are currently under suspension (since January 1, 2004) and will be reinstated once the Regulations comes into effect.
Both the AERS and the ROH programs were developed in the late 1970s following recommendations made by stakeholders representing employers and employees. The level of participation has been considerable among employers because these programs are cost-effective and they help to alleviate the significant paper burden of requests for payroll information employers would otherwise receive.
Employees working for participants of AERS and the ROH benefit because the overpayment of EI benefits is minimized keeping financial hardship for the claimant to a minimum if repayments are required. This also means that subsequent administrative penalties or prosecutions are less likely because HRSDC is aware of the problem at the outset. As well, deterrence is achieved by encouraging participating employers to advise their employees that they participate in the AERS or ROH program. HRSDC provides employers with posters and inserts for use in informing employees that they share payroll and hiring information with HRSDC.
The proposed Regulations safeguards the privacy of Canadian workers and at the same time, it reduces the potential for making EI payments to claimants who are not lawfully entitled to receive them. The only information available to HRSDC that is collected from the verification programs, is information matching employees subject to an overpayment.
AERS and ROH are early intervention measures and serve as major deterrents to fraud and abuse of the EI program. HRSDC considers the use of regular and ongoing verification programs as crucial control mechanisms that assist HRSDC in meeting its obligations with respect to sound management practices and its fiduciary responsibility under the Employment Insurance Act.
To support the continuation of these voluntary verification programs, it is proposed that section 55.1 of the Employment Insurance Regulations be added to make explicit that HRSDC has the lawful authority to obtain employee information on a continuing basis. The information to be collected will include information in respect of the date of commencement of employment, duration of employment, amounts earned and reasons for separation from employment. It will apply to employers who (a) hired or recalled ten or more employees in a twelve-month period or expect to do so in the upcoming twelve months or (b) were required to issue ten or more records of employment in a twelve-month period or expect to do so in the upcoming twelve months.
...
Consultation
This proposed regulatory amendment was prepared by Human Resources and Skills Development Canada's Employment Program Policy and Design in consultation with Insurance Program Services, Investigation and Control, Legal Services and Privacy and Access to Information. External consultations have taken place with Industry Canada which is responsible for PIPEDA and the Department of Justice which agreed to the intent of the Regulations and drafted the wording. The Office of the Privacy Commissioner was also consulted during the developmental stages. The Employment Insurance Commission (including the Commissioners for Workers and the Employers) approved the Regulations in principle on November 14, 2003.
Compliance and enforcement
Existing compliance mechanisms contained in HRSDC's adjudication and control procedures will ensure that these changes are properly implemented. ..."
Labels: air travel, alberta, bc, information breaches, lawful authority, pipa, privacy
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.