Slashdot Mirror


Canadian Privacy Act

Nos. writes "Yesterday, I happened upon an Act that came into effect in Canada on January 1, 2004. The Personal Information Protection and Electronic Documents Act protects almost every bit of personal information not publicly available. For example, your name, race, date of birth, income, etc. are protected where your address and telephone number are not (these are generally available in the telephone book). Some of the more interesting parts of the FAQ include such wonderful things as: '[businesses must] supply you with a product or a service even if you refuse consent for the collection, use or disclosure of your personal information unless the information is essential to the transaction'. Definitely a step in the right direction."

29 of 398 comments

  1. What the law says and what's done in practice ... by he-sk · · Score: 5, Informative

    are two different things. I.e., here in Germany we have very tough laws with regard to your personal information and how it must be handled by businesses and the government. It's called "Datenschutz" and the CCC (Chaos Computer Club, you know: Blinkenlights) is a big lobbyist for Datenschutz.

    Unfortunately the laws and procedures are broken every day, simply because it's so easy to do. It's very rare that somebody publicly complains when personal privacy is jeopardized and even when somebody cries foul, the public doesn't care.

    --
    Free Manning, jail Obama.
  2. It IS absolutely retroactive by nilstar · · Score: 5, Informative

    I actually had to sign one of these statements at work & deal with this whenever I see the doctor/dentist/etc.

    It seems that information already collected must be dealt with according to the act. Just because you collected it last year, doesn't mean you don't need consent to use it this year. Actually, my dentist made me sign a form for them to share/get information with outside laboratories.

    --
    ===> An eye for an eye makes everyone blind - MG
    1. Re:It IS absolutely retroactive by Kwil · · Score: 4, Informative

      Actually, he can't refuse you service based on your refusal to supply information that isn't directly related to the transaction.

      However, being a dentist, the transaction may well require an address to send a bill to.

      If you're willing to pay at the desk, in cash, you can tell him no, and suggest that if he refuses based on that, you will contact the government of Canada for a PIPEDA infraction.

      --

      That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze

    2. Re:It IS absolutely retroactive by Silh · · Score: 2, Informative

      Here in Alberta, the provincial version of the act is PIPA, which is pretty much based on PIPEDA, and is what we are required to follow in handling privacy issues in-province, while PIPEDA applies when dealing with out-of-province information transfer. As a dentist, I am a bit annoyed at the extra paperwork that has to be done to get consent for patient information now. With regards to doing different things to protect the privacy of patient information, not much really has to be changed from what we were doing before (e.g. how long to retain information, shredding stuff so nobody else can see confidential stuff, asking only for what we need, not letting other people see it unless it's required, etc.), other than certain things we'll probably have to get written permission for now whereas before we could just ask.

      As to 'giving the dentist consent to use the data how he wants'... the PIPA act (and I think with PIPEDA as well; I'd have to double check) requires the dentist, business, etc. to inform you exactly what the data is to be used for before you give your consent. Not quote 'how he wants', but spelled out in some detail so you know where it's going to go. Name so we know who you are; contact information so we know how to get a hold of you (e.g. recall reminders [though you are required to give the option of opting out], manufacturer issues recall on certain filling material so have to call up all the patients about it, etc.), to send bills to if applicable; insurance information if applicable; medical information that may affect treatment or ability to treat, etc.

      Most of this basically stays in-house. Insurance information will go back and forth between the office and the insurance company; medical information only if consultation with another dentist/doctor/etc. is required; specifics of treatment with the laboratory so they can fabricate prostheses. If you want to know what happens to it and why a dentist, business, or whatnot needs it, do ask, since they will be required to tell you exactly what it's for. If they can't show you why it's required, then you don't have to give it. For dental work, if you don't provide sufficient medical information that I can decide that you can be treated safely, then obviously I can't treat you. No billing information, then you'll have to pay up front. In my line of work, most of it is pretty obvious. I suppose things could get messier with banks and larger corporations.

      Personally, I've been more concerned about the extra loops that I have to go through just to get work done more so than the act's impact on my ability to keep my information private.

      --
      -- Silhouette
  3. Re:Not retroactive? by vmacneil · · Score: 5, Informative

    There is another act called the Privacy Act that circumscribes the behaviour of government. That act was passed in 1980. You can find it here... http://laws.justice.gc.ca/en/p-21/93543.html

  4. Re:Toothless? by Dixie_Flatline · · Score: 4, Informative

    It's illegal to REQUIRE a SIN (Social Insurance Number) in Canada if you aren't the government, an employer, or are somehow related to taxation. My bank can ask me for a SIN because they need to report the amount of income I made on interest. A credit card company CAN NOT ask for my SIN. If I refuse to provide it, and they refuse their service, I can file a complaint against the company. The SIN number is not meant as a unique identifier for anyone other than the government.

    If someone asks for it, read the fine print. It's usually optional. If it's not optional, make sure you phone the company and ask why it's required, and make sure they know that you know that it's not necessary for them to have it. DON'T GIVE IT OUT. It's not necessary to have your SIN for companies to do a credit check on you here.

  5. Re:2 thoughts... by thegrommit · · Score: 2, Informative

    2) if this is bullshit, then it is nothing but a pr stunt.

    Interesting logic, care to explain? This isn't your usual local ordinance proclaiming some random date to be [insert local sports team] day.

    As to how it will be implemented, many companies ask up front where you're from. They then structure their conversation with you appropriately (or say they don't deal with Canadians).

    This article from last year goes into a few of these issues:

  6. Re:Government by Anonymous Coward · · Score: 3, Informative

    Now it's linked in government databases to everything.
    Canada's Social Insurance Numbers are basically an account number for each citizen. By law even the banks can't demand it although they can refuse service if you don't give it to them.

  7. Re:Fake data by WormholeFiend · · Score: 5, Informative

    G1Q 1Q9

    translation: (I have) (an) (ass), (a) (new) (ass)

    note that in French, the adjective (new) comes after the noun (ass), and I switched them for non-French slashdotters

  8. HIPAA is no protection. by Anonymous Coward · · Score: 1, Informative

    As a physician, I can say that HIPAA does exactly the opposite of what most people expect. This is a bogus law lobbied for by the insurance carriers. Essentially, information is free game for all insurance carriers, but the very care providers are limited in their ability to share/discuss and enable the care of patients by this law. There have been many mistakes made because the identity of the patient was "hidden" and the wrong patient has received or not received something. After this I lost all faith in our government to make laws to accomplish the perceived purpose they are sold to us.

  9. Re:Car Dealerships... by jeffkjo1 · · Score: 4, Informative

    There are other ways to get said information. Consumer Reports prints recalls in their magazine every month, for example.

  10. Police Information Systems by DR+SoB · · Score: 3, Informative

    Police Information Systems,
    Information Practices and
    Individual Privacy.

    If you're really interested in Ontario's laws regarding information storage, read the following article:

    http://qed.econ.queensu.ca/pub/cpp/March97/Schell.pdf

    --
    Mod +5 Drunk
  11. Re: GoC does take privacy seriously by Anonymous Coward · · Score: 5, Informative

    Your SIN is private, right? HEH. Nope. Now it's linked in government databases to everything. As someone who once had complete and total access to several sensitive (welfare client info) government databases - and was challenged appropriately by only ONE of dozens of sysadmins - I don't trust the government to protect a pile of dog feces.

    The personal details of all Canadian residents (not just citizens) are automatically classified as "Protected" and any department or agency worth their salt actually do take this sort of stuff seriously.

    Any case of abuse (of people's personal data) does tend to result in being fired, period.

    The federal government (outside CCRA) does avoid using SIN as much as possible because any document with that on it, has to be classified "Protected".
    HRDC uses a fair bit, but as little as possible in what I've seen.

    I've seen federal government forms that ask for only the last digit of your year of birth, in an attempt to prevent age discrimination (if they don't know your actual age, they can't be accused of discriminating based upon it) in the hiring process.

    Honestly I have to say the Canadian federal government takes privacy seriously, it's an important Canadian value. Sure, some people see it as a hassle and more paperwork, but overall the vast majority do value the public's privacy and security.

    BTW, do you know if there was any auditing on that database? Not all privacy enforcement is proactive, to prevent being overly burdensome, but it can flag and catch abusers. That technique is heavily used in medical privacy, and the medical files of celebrities.

  12. Re:What the law says and what's done in practice . by bitkid · · Score: 2, Informative

    I know a bit more about it (though I'm not a lawyer) :-)

    Yes, unfortunately the law doesn't specify anything about penalties. To the best of my knowledge the highest damages that have ever been awarded for a violation of the privacy rights were ~100k. Not bad, but that person was able to prove in court that he had suffered real monetary damages. Psychological distress doesn't count :-)

    Courts have been reluctant with awarding damages. For example, the phone company published a phone number of a battered women's shelter by accident. They had to close the shelter, because they couldn't guarantee the safety anymore. They had to sell the house at a loss etc. and move elsewhere. The court awarded 15k in damages. That's a joke...

    Another thing that the law describes is that you may only ask for the data you need. That has led to webmasters being "abgemahnt" (like a competitor complaining, costs you some money, but all without a court) for asking the name of newsletter subscribers (email address would have been enough)... uh well...

    But guess what... Some companies just moved their computing centers to Chile, because they don't have privacy laws. They export the data, do the "illegal" cross linking in Chile, and then re-import the data.

    It's not that simple in practice. Getting damages from a court is nice, but German courts are a bit more realistic in awarding damages. What's easier is getting a court order to have them stop. While the law doesn't specify penalties/damages, violating a court order can get you in trouble...

  13. Re:So it happens... by Anonymous Coward · · Score: 3, Informative

    Actually, this legislation was passed several years ago, but the date that non-government organizations were required to be compliant was Jan 2, 2004.

  14. Re:Toothless? by Anonymous Coward · · Score: 1, Informative

    No actually you do not require the SIN to get a credit report in Canada. You are thinking like it is the US; it is not. To get a credit report in Canada you can do so with other information. In fact companies are prohibited by law from using the SIN as the primary key; besides, it is a bad primary key since it is not unique.

    If you go to buy a car and they ask for your SIN you can decline since it is by law not required.

    You only need to provide your SIN when it pertains to income, e.g. employer, company/bank in which you hold investments (stock broker). They may only use this information for taxation purposes.

    Even the CCRA, the Canadian IRS, does not use the SIN as a key in their database, because again the SIN is not unique; there are several people in Canada with the same SIN numbers. It was designed that way because, like the original intent of the SSN, it is not an ID number, just a number to aid in income tax and pensions.

  15. Re:Serious by orthogonal · · Score: 4, Informative
    It makes no sense for a business not to sell you something because you refuse to provide personal information. If I were a business owner, I'd sell my products to anybody that was willing to offer cash. I see businesses all the time refusing to sell to some segment of the population, and I find that truly bizarre.

    Yeah, it is truly bizarre -- if the business is making money off the product.

    Sometimes, the business is making -- or plans to make -- the majority of its money off selling your name or your "eyeballs" (viewership).

    Some MBA has convinced ShopShack that the real money is in selling its customers to other businesses, and MBAstard realizes that you just want to make the purchase and get on with your life. So a policy is made that the shop won't sell without getting your information, wagering that, having waited in the check-out line, rather than go to the trouble to buy elsewhere, you'll just do as you're told like a good little consumer.

    The only effective response to this is to make the cost of doing this as high as possible for the business by
    • Arguing the point at the point of sale, and refusing to relinquish your position in line. This will win you the ire of the customers behind you in line, but if you're lucky, it'll also convince some of them that going to that store isn't worth having to deal with trouble-makers like you standing on principle;
    • and then making a fuss that pulls in the store manager, wasting his time too, and explaining to him precisely why his time's being wasted without his in fact making a sale or getting the information;
    • followed up by a call to the store's corporate headquarters explaining that you'll be happy to share your information as soon as whoever you're talking to shares his and the company president's home phone number too.


    It's not easy, and it's not convenient, but if you want to keep your privacy, you need to make it uncomfortable and costly for those who want to take it from you. Make it costly enough, and the stores will stop doing this crap.

  16. Re:Not retroactive? by Anonymous Coward · · Score: 3, Informative
    I know an awful lot of atheists and agnostics who are opposed to unrestricted abortion in America.

    The abolition of slavery was considered the work of religious radicals too, who had this wild notion that all those slaves were human beings and their book said it was wrong to keep human beings in bondage, but not every abolitionist was religious. The right to live, like the right to not be a slave, is something that plenty of people can grasp without the guidance of Holy texts.

    So, at the end of the day, like most things, the problem can be blamed directly on religious people. In this case, American Christians.

    At the end of the day, I find that most problems can be blamed on the intolerant. You know, like some American Christians... also, exactly like you.

  17. Re:Not retroactive? by FreeTheFurniture! · · Score: 3, Informative
    It is in fact retroactive, so much so that my company has set up a service division to provide compliance guidance. We are in the oil and gas software and services business, meaning that we deal with a lot of databased info on a daily basis (both public and proprietary data). Some of this information (which for years has been distributed with little thought) is now regulated by the new law.

    Failure to comply is a serious issue and may result in (now stealing from our website):

    - Legal liability
    - Industry and government sanctions
    - Charges of deceptive business practice
    - Fines and criminal records for your employees
    - Severe damage to your reputation and brand
    - Damage to your key business relationships
    - Loss of business, financial penalties
    - Customer and employee distrust.

    I do believe this is a good piece of legislation. I look forward to seeing it applied and tested over the next year or two. Then we'll know if it's actually an effective piece of legislation.

  18. Re:Toothless? by Anonymous Coward · · Score: 3, Informative

    Sorry, Canada is not the US, so it is not useful to think of it in terms of the US and its privacy policy where companies can tell you to do whatever they want you to. Companies have a lot less power in Canada and this legislation limits that power even further when it comes to private information.

    A credit report in Canada can be produced with none of the above information you have mentioned. The core information for a credit report in Canada is your name and date of birth and maybe a credit card or bank account number.

    If a company in Canada tries to force you to give up your SIN for ANY PURPOSE other than that necessary to report income to the CCRA they can have serious problems even prior to this most recent privacy legislation.

    Add to that the simple fact that the SIN is not a unique number. Yes, there is more than one Canadian with the same SIN number. The CCRA (Canadian IRS) does not even use it for a unique key. Instead they use a large composite key of multiple pieces of information about you so that they know it is in fact you.

    Why do you think identity theft in Canada is a shadow of the problem in the US?

    In the US the SSN is everything. You are your SSN. In Canada you are identified by a much larger set of information that makes it substantially more difficult to impersonate you and also to prove when someone tries to impersonate you.

    If you would like to know more about the law and why it should be taken seriously by all Canadian businesses, check out Blake, Cassels and Graydon; one of Canada's oldest and largest law firms, it has some excellent information on the privacy legislation and what it means to Canadian companies.
    http://www.blakes.com/english/publications/focus/index.asp?C_ID=Fpriv

    Oh, and the law has already been used to protect people's privacy.

    There was one case in which a Canadian bank (Canadian banks have been under PIPEDA since 2001) accidentally wrote "bankrupt" on a woman's address label on a bank statement letter she received. She complained to the bank and they were going to give her a $20 gift certificate; she complained then to the privacy commissioner and the bank was ordered to pay the woman over $2000 in damages.

    This is for one single automated mistake that resulted in the mailman seeing that the woman was bankrupt. Imagine if 1000 Canadians had received a letter with that mistake; that is $2 million.

    PIPEDA has teeth.

  19. Violate citizens' rights and be exposed publicly by Anonymous Coward · · Score: 2, Informative

    Oh, I forgot to mention in my other responses: the Privacy Commissioner has the right under the legislation to fully audit a company accused of privacy violations, and then if they are found to have violated a person's privacy the commissioner has the right to publish publicly those violations.

    This right to publish a company's dirty secrets alone is a significant deterrent to companies who abuse citizens' privacy, not to mention the significant cash penalties that could result.

    Also keep in mind that PIPEDA is one of the few ways in Canada where a class action type lawsuit can be brought, something that almost never happens in Canada.

    For more information on what this law means to Canadian business check out...
    http://www.blakes.com/english/publications/focus/index.asp?C_ID=Fpriv

  20. Here's an example by Vip · · Score: 4, Informative
    Here's what they are trying to stop.

    Parking lot complaints

    825 complaints in 18 months in one city against one company. The data was sold by the government to the parking company.

    Vip

  21. Re:Toothless? by Dr.+Cam · · Score: 2, Informative

    Not in Canada. Even most government departments are not allowed to know your SIN. A case in point: A number of years ago a former employer owed me a small sum of money, something like $2.50. They did not have a forwarding address for me, and passed it on to Labour Canada. Labour Canada asked Revenue Canada to contact me, and have me contact them, because they could not reveal where I was without my permission, and Labour Canada could not look me up in any database, because my ex-employer was forbidden to hand out my SIN.

    As I understand it, use of the SIN for other than employment and taxation uses is illegal.

  22. Re:The tale of Ray Diosack and Mike Rocenter by temojen · · Score: 2, Informative

    PIPEDA's been on the books for two years. It only came into effect for non-government agencies Jan. 1st. It's been in effect for crown corporations, agencies, and federally regulated industries for quite a while.

    One of the stipulations of the act is that they have to inform you why they're collecting the information.

  23. Re:What the law says and what's done in practice . by jsebrech · · Score: 2, Informative

    here in Germany we have very tough laws with regard to your personal information and how it must be handled by businesses and the government

    This is actually an EU directive. Or actually, two different ones. One dealing with regular privacy (enforced since 1998), and one with online privacy (enforced since last year). Seemingly when you read the text of the directive, it has a lot of teeth, but in practice they make exceptions every time someone asks. Like when the US insisted on having every bit of available information on EU citizens flying into the US (including the kind of meal they took, and how they paid for their ticket). The EU after some haggling made an exception that allows some, but not all, of the passenger information to pass to the US.

    At least, a privacy law, even if it's not being enforced, is still better than no privacy law.

  24. That is the most absurd thing I've ever heard. by bacchusrx · · Score: 2, Informative

    No, seriously. It is.

    Do you even know what socialist means?

    bacchusrx.

    --
    Life after capitalism? The participatory economics project
  25. Re:Race? by plcurechax · · Score: 2, Informative

    What kind of sick country tracks "race" in a database?

    The typical usage for "race" is actually voluntary disclosure of whether you are a member of a visible minority for the purposes of "employment equity" status for hiring preference.

    The recent US name was "affirmative action" hiring.

    It gets quite funny with security ID cards that try to describe appearance (the form on file) without actually offending anybody, where the actual only purpose is to ensure that Jill's ID card is only used by Jill.

  26. AND! You can curse on the radio! by rueger · · Score: 2, Informative

    OTOH, you could just move to Canada. Have you noticed that Canada seems to be defending civil liberties when America strips them away?

    Yes, while much of the US has their shorts in a knot over Janet Jackson's nipple, and the FCC wants even more draconian penalties for college radio stations that dare to broadcast the word f*ck, Canada rolls along, worrying about neither.

    Trust me, 3PM on a school day is the best time to listen to hardcore punk rock!

  27. Re:Radio Shack by DynaSoar · · Score: 3, Informative

    stratjakt (596332) sez: "And the guy said 'Sir, we can't sell anything without this information.'"

    He lied. The bypass is built into the register software. Complain to RS Corporate if this happens.

    From http://corpinfo.radioshack.com/CompanyInfo/Ethics/index.html

    [Getting off their mailing list]:
    "Customers who prefer not to receive offers, promotions and other information, may call 800-415-3200, e-mail at www.radioshack.com or write at RadioShack Circulation, 100 Throckmorton, Suite 300, Fort Worth, Texas 76102."

    [Not giving personal data]:
    "Rest assured RadioShack values its customers regardless of whether or not they choose to provide us with their name and address."

    [From elsewhere on the site]:
    Ethics Team at RadioShack

    Phone: RadioShack Hotline: (800) 826-3915

    Email: ethics@radioshack.com

    Fax: (817) 415-3922

    Mail: RadioShack Ethics Team
    100 Throckmorton Street, Suite 813
    Fort Worth, Texas 76102

    I've never had any such problem myself. Anytime they or anyone else asks me for such things I look them straight in the eye and give them a clear and firm "No.", loud enough to make sure it's understood that I could have said it louder.

    --
    "I may be synthetic, but I'm not stupid." -- Bishop 341-B