The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Friday, April 14, 2006
It is always interesting to see how the courts are dealing with privacy laws.
I just came across a somewhat interesting case from British Columbia, in which the Court was asked to determine whether the Personal Information Protection Act could be used to refuse to identify a witness based on the "privacy" of that witness. The answer, not surprisingly, is no:
Shilton v. Fassnacht, 2006 BCSC 431 (CanLII)[12] The plaintiffs object to disclosure on a number of bases. First, they submit that the opening words of Rule 27(22) give the court a discretion to order non-disclosure. They submit that non-disclosure should be ordered here for reasons of privacy and privilege.
[13] On the privacy issue, the plaintiffs referred to the Personal Information Protection Act, S.B.C. 2003, c. 63. That Act governs the collection, use and disclosure of personal information by organizations. In the Act “organization” is defined as including a person. However, s. 3(4) provides:
3(4) This Act does not limit the information available by law to a party in a proceeding.[14] Given other definitions in the Act, it is clear that the present lawsuit comes within the meaning of “a proceeding.” Moreover, s. 1 of the Act specifies that “personal information” does not include “contact information.”
[15] In my view, there is nothing in the Personal Information Protection Act that would limit the defendant’s right under Rule 27(22) to obtain the names and contact information of relevant witnesses.
Even more interesting is the way the Court considered the Personal Information Protection and Electronic Documents Act. The Judge concluded that PIPEDA does not apply in British Columbia because of the effect of s. 30(1) of that Act:
[16] It is even clearer that the federal Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 has no application here by virtue of s. 30(1), which provides:30(1) This Part does not apply to any organization in respect of personal information that it collects, uses or discloses within a province whose legislature has the power to regulate the collection, use or disclosure of the information, unless the organization does it in connection with the operation of a federal work, undertaking or business or the organization discloses the information outside the province for consideration.[17] The present lawsuit relates to matters wholly within the province of British Columbia and the federal act has no application.
With the greatest respect to the judge and to the party that made the argument, this is just plain wrong. It is true that PIPEDA does not apply to the provincially-regulated private sector in BC, but it has nothing to do with s. 30(1) in 2006. If you look at all of s. 30, you'll see that s. 30(1) is no longer in effect.
DIVISION 5
TRANSITIONAL PROVISIONSApplication
30. (1) This Part does not apply to any organization in respect of personal information that it collects, uses or discloses within a province whose legislature has the power to regulate the collection, use or disclosure of the information, unless the organization does it in connection with the operation of a federal work, undertaking or business or the organization discloses the information outside the province for consideration.
Application
(1.1) This Part does not apply to any organization in respect of personal health information that it collects, uses or discloses.
Expiry date
*(2) Subsection (1) ceases to have effect three years after the day on which this section comes into force.
* [Note: Section 30 in force January 1, 2001, see SI/2000-29.]
Expiry date
*(2.1) Subsection (1.1) ceases to have effect one year after the day on which this section comes into force.
* [Note: Section 30 in force January 1, 2001, see SI/2000-29.]
The Act came into force on January 1, 2001, so s. 30(1) ceased to have any effect on January 1, 2004.
The real reason why PIPEDA does not apply to the provincially regulated private sector in British Columbia is because of the effect of s. 26(2):
Orders(2) The Governor in Council may, by order,
(a) ...
(b) if satisfied that legislation of a province that is substantially similar to this Part applies to an organization, a class of organizations, an activity or a class of activities, exempt the organization, activity or class from the application of this Part in respect of the collection, use or disclosure of personal information that occurs within that province.
The Governor in Council did make such an order (Organizations in the Province of British Columbia Exemption Order ) on October 12, 2004. For this reason, if PIPA (BC) does apply, PIPEDA will not.
Labels: bc, british columbia, health information, information breaches, pipa, privacy
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.