Privacy and Electronic Commerce
Neary, Gerald, Canadian Parliamentary Review
In April 2000 Parliament passed the Personal Information Protection and Electronic Documents Act (otherwise known as Bill C-6). This law extends privacy protection to the private sector, including the burgeoning and complex field of electronic commerce. This article examines some provisions of the new law which came into the effect on January 1, 2001.
Not long ago, I might have begun a speech on this topic with a quotation like the one which appeared on the cover of the March 2000 issue of PC Computing.
* WE KNOW EVERYTHING ABOUT YOU
* Where you live
* Where you work
* How much you make
* What you buy
* What you do on the Web
* Your private past
Not that this scary message is no longer true but the new act of Parliament has put informational privacy on a much more secure footing.
The Privacy Act.
Some say that electronic commerce currently holds privacy in low esteem. They suggest that many businesses -- and not only those in electronic commerce -- know and seek to know far more than they need and ought to know about individuals. It is implied that many businesses have only a mercenary, or at best, a cavalier regard for the privacy of their clients, customers, and employees, and that many use and disclose personal information in highly inappropriate ways. Whatever the speculations, what is true -- is that the potential for business to abuse personal information and violate the privacy of individuals tends to increase almost daily through ever-developing intrusive technologies. Yes, the scary, deplorable truth is that our privacy can be at considerable risk in electronic commerce and elsewhere in the private sector.
Rather than dwelling on all the scary negatives let me address the legislation which holds new hope for privacy, not only in electronic commerce, but also throughout the private sector. It is not a panacea, but it is a positive force that I believe has strong potential to raise privacy standards several notches higher in the sector that dares to call itself private.
To appreciate the new Act, it will be helpful to know something about the existing one from which it largely derives its core values of fair information practices -- the federal Privacy Act. This Act has been in force since 1983. The official whose main responsibility it is to supervise the application of the Act is the Privacy Commissioner of Canada. The Privacy Commissioner is an officer of Parliament, responsible directly to Parliament. He does not report to or through any one minister of the Crown.
Essentially, the Privacy Act regulates how federal government institutions may collect, use and disclose personal information about individual Canadians. As for the individuals themselves, the Act provides them with a right of access to information held about them by the federal government, and a right to request correction of any erroneous information.
The Act gives the Privacy Commissioner powers to audit federal institutions for compliance with the Act. It also obliges the Commissioner to investigate complaints by individuals about breaches of the Act.
Individuals may lodge a formal complaint with the Commissioner, for instance, if they believe that a government institution has denied them due access to their personal information, or has taken too long in providing it, or has applied unacceptable exemptions to it, or has refused to correct errors in it.
Or they may complain that a government institution has collected personal information about them that it shouldn't have collected, or destroyed personal information that it shouldn't have destroyed, or used or disclosed their information for purposes other than those for which it was originally collected.
Every year, the Commissioner receives hundreds of such complaints, which his staff duly investigates. The Commissioner subsequently reports his findings both to the individual complainants and to the federal institutions concerned. …