The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Friday, October 08, 2004
Protection of personal information
30 A public body must protect personal information in its custody or under its control by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or disposal.
Storage and access must be in Canada
30.1 A public body must ensure that personal information in its custody or under its control is stored only in Canada and accessed only in Canada, unless one of the following applies:
(a) if the individual the information is about has identified the information and has consented, in the prescribed manner, to it being stored in or accessed from, as applicable, another jurisdiction;
(b) if it is stored in or accessed from another jurisdiction for the purpose of disclosure allowed under this Act.
Obligation to report foreign demand for disclosure
30.2 (1) In this section:
"foreign demand for disclosure" means a subpoena, warrant, order, demand or request that is
(a) from a foreign court, an agency of a foreign state or another authority outside Canada, and
(b) for the unauthorized disclosure of personal information to which this Act applies;
"unauthorized disclosure of personal information" means disclosure of, production of or the provision of access to personal information to which this Act applies, if that disclosure, production or access is not authorized by this Act.
(2) If a public body, an employee of a public body or an employee or associate of a service provider
(a) receives a foreign demand for disclosure,
(b) receives a request to disclose, produce or provide access to personal information to which this Act applies, if the public body, employee or other person receiving the request
(i) knows that the request is for the purpose of responding to a foreign demand for disclosure, or
(ii) has reason to suspect that it is for such a purpose, or
(c) has reason to suspect that unauthorized disclosure of personal information has occurred in response to a foreign demand for disclosure,
the head of the public body, the employee or other person must immediately notify the minister responsible for this Act.
(3) The notice under subsection (2) must include, as known or suspected,
(a) the nature of the foreign demand for disclosure,
(b) who made the foreign demand for disclosure,
(c) when the foreign demand for disclosure was received, and
(d) what information was sought by or disclosed in response to the foreign demand for disclosure.
The Canadian Press has an article on these amendments, as well:
B.C. toughens privacy law over fears of info leaks under U.S. anti-terror law:
"VICTORIA (CP) -- The B.C. government introduced amendments to its privacy legislation Thursday designed to allay fears U.S. authorities could get their hands on provincial residents' private records.
Management Services Minister Joyce Murray introduced changes to the Freedom of Information and Protection of Privacy Act that, among other things, restricts storage and access of information outside Canada and threatens heavy fines on those who improperly disclose it.
'Our government takes the issue of privacy protection very seriously and has always been a national leader in privacy protection,' Murray said in a news release.
'British Columbians can be assured that no sensitive personal information will be sent to the U.S. on either a temporary or permanent basis.'"
Labels: bc, information breaches
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.