The United States Congress passed the USA Patriot Act soon after the September 11, 2001 terrorist attacks. It gives new investigative powers to law enforcement agencies in the US. Section 215 of the Act allows a special court to secretly issue an order requiring "the production of any tangible things" to the FBI. This can include an individual's personal information. Anyone served with such a secret order is prohibited from disclosing to anyone else that the order exists or has been complied with. When Canadian privacy commissioners met in May 2004 in Victoria, BC, a general consensus emerged that exchange of personal information across borders was becoming increasingly significant in the context of continental economic integration. The British Columbia Information and Privacy Commissioner released his advisory report on the privacy implications of the USA Patriot Act on October 29, 2004. More than 500 representations were received about this issue including the following submission from the Privacy Commissioner of Canada.
We live in a virtual world where the global transmission of information is becoming most seamless. The operations of governments and corporations are profoundly transformed by the emergence of e-government and e-commerce. Electronic collection, use, sharing and storage of personal information is at the hub of this transformation which modifies not only the way organizations carry out their daily business but also, more fundamentally, the manner by which they communicate with citizens, consumers, clients and stakeholders.
The concerns raised about the impact of the USA Patriot Act on the privacy of personal information about Canadians are really part of a much broader issue--the extent to which Canada and other countries share personal information about their citizens with each other, and the extent to which information that has been transferred abroad for commercial purposes may be accessible to foreign governments. The enactment of the USA Patriot Act may simply have served as the catalyst that brought these issues to the fore. In Canada, citizens increasingly recognize the vital importance of personal information management for good government and sound corporate practices.
The issue of transfers of personal information across borders goes to the heart of national sovereignty as well as to Canadian identity. As a society, we must think more broadly about the mix of policy instruments that will provide an adequate level of protection of personal information as required by the Personal Information Protection and Electronic Documents Act (PIPEDA), the Privacy Act and equivalent provincial and territorial statutes. This reflection is necessary if Canada is to maintain its leadership in privacy protection.
Governments across Canada have introduced many measures in recent decades to protect the personal information of Canadians. Most significantly, they have developed laws regulating the collection, use and disclosure of personal information by governments and private sector organizations.
At the federal level, the Privacy Act, which came into force in 1983, regulates the collection use and disclosure of personal information in the public sector by about 150 federal institutions. All provinces and territories have similar public sector legislation.
Canada has gone one step further by setting privacy standards for information handling in the commercial private sector. Beginning in stages since 2001, the Personal Information Protection and Electronic Documents Act has regulated the handling of personal information in the private sector across the country. Several provinces have enacted similar privacy standards. PIPEDA brings Canada law into line with privacy standards for personal information developed by the European Union, and means that our standards for the protection of personal information, when used by a commercial …