Slashdot Mirror
Canadian Privacy Act
Nos. writes "Yesterday, I happened upon an Act that came into effect in Canada on January 1, 2004. The Personal Information Protection and Electronic Documents Act protects almost every bit of personal information not publicly available. For example, your name, race, date of birth, income, etc. are protected where your address and telephone number are not (these are generally available in the telephone book). Some of the more interesting parts of the faq include such wonderful things as: '[businesses must] supply you with a product or a service even if you refuse consent for the collection, use or disclosure of your personal information unless the information is essential to the transaction'. Definitely a step in the right direction."
are two different things. Ie, here in Germany we have very tough laws with regard to your personal information and how it must be handled by businesses and the government. It's called "Datenschutz" and the CCC (Chaos Computer Club, you know: Blinkenlights) is a big lobbiest for Datenschutz.
Unfortunately the laws and procedures are broken every day, simply because it's so easy to do. It's very rare that somebody publicly complains when personal privacy is jeopardized and even when somebody cries foul, the public doesn't care.
Free Manning, jail Obama.
I actually had to sign one of these statements at work & deal with this whenever I see the doctor/dentist/etc.
It seems that information already collected must be dealt with according to the act. Just because you collected it last year, doesn't mean you don't need consent to use it this year. Actually, my Dentist made me sign a form for them to share/get information with outside labratories.
===> An eye for an eye makes everyone blind - MG
There is another act called the Privacy Act that circumscribes the behaviour of government. That act was passed in 1980. You can find it here... http://laws.justice.gc.ca/en/p-21/93543.html
It's illegal to REQUIRE a SIN (Social Insurance Number) in Canada if you aren't the government, an employer, or are somehow related to taxation. My bank can ask me for a SIN because they need to report the amount of income I made on interest. A credit card company CAN NOT ask for my SIN. If I refuse to provide it, and they refuse their service, I can file a complaint against the company. The SIN number is not meant as a unique identifier for anyone other than the government.
If someone asks for it, read the fine print. It's usually optional. If it's not optional, make sure you phone the company and ask why it's required, and make sure they know that you know that it's not necessary for them to have it. DON'T GIVE IT OUT. It's not necessary to have your SIN for companies to do a credit check on you here.
Now it's linked in government databases to everything.
Canada's Social Insurance Numbers are basically an account number for each citizen. By law even the banks can't demand it although they can refuse service if you don't give it to them.
G1Q 1Q9
translation: (I have) (an) (ass(, (a) (new) (ass)
note that in French, the adjective (new) comes after the noun (ass), and I switched them for non-French slashdotters
There are other ways to get said information. Consumer Reports prints recalls in their magazine every month, for example.
Police Information Systems,
l l. pdf
Information Practices and
Individual Privacy.
If your really interested in Ontario's laws regarding information storage, read the following article:
http://qed.econ.queensu.ca/pub/cpp/March97/Sche
Mod +5 Drunk
Your SIN is private, right? HEH. Nope. Now it's linked in government databases to everything. As someone who once had complete and total access to several sensitive (welfare client info) government databases - and was challenged appropriately by only ONE of dozens of sysadmins - I don't trust the government to protect a pile of dog feces.
The personal details of all Canadian residents (not just citizens) are automatically classified as "Protected" and any department or agency worth their salt actually do take this sort of stuff seriously.
Any case of abuse (of people's personal data) does tend to result in being fired, period.
The federal government (outside CCRA) does avoid using SIN as much as possible because any document with that on it, has to be classified "Protected".
HRDC uses a fair bit, but as little as possible in what I've seen.
I've seen federal government forms that ask for only the last digit of your year of birth, in an attempt to prevent age decriminitation (if they don't know your actual age, they can't be accused of decriminiating based upon it) in the hiring process.
Honestly I have to say the Canadian federal government takes privacy seriously, it's an important Canadian value. Sure, some people see it as a hassle and more paperwork, but overall the vast majority do value the public's privacy and security.
BTW, do you know if there was an auditing on that database? Not all privacy enforcement is pro-active, to prevent being overly burdensome, but can flag and catch abusers. That technique is heavily used in medical privacy, and the medical files of celeberties.
Actually, this legislation was passed several years ago, but the date that non-government organizations were required to be compliant was Jan 2, 2004.
Yeah, it is truly bizarre -- if the business is making money off the product.
Sometimes, the business is making -- or plans to make -- the majority of its money off selling your name or your "eyeballs" (viewership).
Some MBA has convinced ShopShack that the real money is in selling its customers to other businesses, and MBAstard realizes that you just want to make the purchase and get on with your life. So a policy is made that the shop won't sell without getting your information, wagering that, having waited in the check-out line, rather than go to the trouble to buy elsewhere, you'll just do as you're told like a good little consumer.
The only effective response to this is to make the cost of doing this as high as possible for the business by
It's not easy, and it's not convenient, but if you want to keep your privacy, you need to make it uncomfortable and costly for those who want to take it from you. make it costly enough, and the stores will stop doing this crap.
Opinions on the Twiddler2 hand-held keyboard?
The abolition of slavery was considered the work of religious radicals too, who had this wild notion that all those slaves were human beings and their book said it was wrong to keep human beings in bondage, but not every abolitionist was religious. The right to live, like the right to not be a slave, is something that plenty of people can grasp without the guidance of Holy texts.
So, at the end of the day, like most things, the problem can be blamed directly on religious people. In this case, American Christians.
At the end of the day, I find that most problems can be blamed on the intollerent. You know, like some American Christians... also, exactly like you.
Failure to comply is a serious issue and may result in (now stealing from our website):
- Legal liability
- Industry and government sanctions
- Charges of deceptive business practice
- Fines and criminal records for your employees
- Severe damage to your reputation and brand
- Damage to your key business relationships
- Loss of business, financial penalties
- Customer and employee distrust.
I do believe this is a good piece of legislation. I look forward to seeing it applied and tested over the next year or two. Then we'll know if it's actually an affective piece of legislation.
Sorry, canada is not the US so it is not useful to think of it in terms of the US and its privacy policy where companies can tell you to do whatever they want you to. Companies have a lot less power in canada and this legislation limits that power even further when it comes to private information.
i ndex.asp?C_ID=Fpriv
A credit report in canada can be produced with none of the above information you have mentioned. The core information for a credit report in canada is your name and date of birth and maybe a credit card or bank account number.
If a company in Canada tries to force you to give up your SIN for ANY PURPOSE other than that necessary to report income to the CCRA they can have serious problems even prior to this most recent privacy legislation.
Add to that the simple fact that the SIN is not a unique number. Yes there are more than one canadian with the same SIN number. The CCRA (Canadian IRS) does not even use it for a unique key. Instead they use a large composite key of multiple pieces of information about you so that they know it is in fact you.
Why do you think identity theft in Canada is a shadow of the problem in the US?
In the US the SSN is everything. You are your SSN. In Canada you are identified by a much larger set of information that makes it substantially more difficult to impersonate you and also to prove when someone tries to impersonate you.
If you would like to know more about the law and that it should be taken seriously by all Canadian businesses check out Blake, Cassels and Graydon one of Canadas oldest and largest law firms has some excellent information on the privacy legislation what it means to canadian companies.
http://www.blakes.com/english/publications/focus/
Oh and the law has already been used to protect peoples privacy.
There was one case in which a canadian bank (canadian banks have been under PIPEDA since 2001) accidently wrote "bankrupt" on a womans address label on a bank statement letter she recieved. She complained to the bank and they were going to give her a $20 gift certificate, she complained then to the privacy commisioner and the bank was ordered to pay the woman over $2000 in damages.
This is for one single automated mistake that resulted in the mailman seeing that the woman was bankrupt. Imagine if 1000 Canadians had recieved a letter with that mistake, that is $2 million.
PIPEDA has teeth.
Parking lot complaints
825 complaints in 18 months in one city against one company. The data was sold by the government to the parking company.
Vip
stratjakt (596332) sez: "And the guy said "Sir we cant sell anything without this information."
/ index.html
He lied. The bypass is built into the register software. Complain to RS Corporate is this happens.
From http://corpinfo.radioshack.com/CompanyInfo/Ethics
[Getting off their mailing list]:
"Customers who prefer not to receive offers, promotions and other information, may call 800-415-3200, e-mail at www.radioshack.com or write at RadioShack Circulation, 100 Throckmorton, Suite 300, Fort Worth, Texas 76102."
[Not giving personal data]:
"Rest assured RadioShack values its customers regardless of whether or not they choose to provide us with their name and address."
[From elsewhere on the site]:
Ethics Team at RadioShack
Phone: RadioShack Hotline: (800) 826-3915
Email: ethics@radioshack.com
Fax: (817) 415-3922
Mail: RadioShack Ethics Team
100 Throckmorton Street, Suite 813
Fort Worth, Texas 76102
I've never had any such problem myself. Anytime they or anyone else asks me for such things I look them straight in the eye and give them a clear and firm "No.", loud enough to make sure it's understood that I could have said it louder.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B