Slashdot Mirror


Canadian Privacy Act

Nos. writes "Yesterday, I happened upon an Act that came into effect in Canada on January 1, 2004. The Personal Information Protection and Electronic Documents Act protects almost every bit of personal information not publicly available. For example, your name, race, date of birth, income, etc. are protected where your address and telephone number are not (these are generally available in the telephone book). Some of the more interesting parts of the faq include such wonderful things as: '[businesses must] supply you with a product or a service even if you refuse consent for the collection, use or disclosure of your personal information unless the information is essential to the transaction'. Definitely a step in the right direction."

18 of 398 comments (clear)

  1. Fake data by CaptBubba · · Score: 5, Interesting

    Am I the only one who just spits out a random string of numbers when they ask for phone number or zip code info at the checkout?

  2. Not retroactive? by Raindance · · Score: 5, Interesting

    This looks like a good thing. However, in a quick glance-through of the act, I didn't see anything dealing with information already collected.

    Or if governmental agencies' practices are also influenced by the act.

    RD

  3. So hypothetically... by Tuxedo+Jack · · Score: 5, Interesting

    This could outlaw "drive-by" installs of spyware in Canada.

    --

    Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
  4. I wonder... by Anonymous Coward · · Score: 5, Interesting

    For example, your name, race, date of birth, income, etc. are protected where your address and telephone number are not.

    How are they going to call you without your name?

  5. Toothless? by Dachannien · · Score: 4, Interesting

    [businesses must] supply you with a product or a service even if you refuse consent for the collection, use or disclosure of your personal information unless the information is essential to the transaction.

    This is likely more toothless than you would think - or at least, if this were U.S. law, it would be - because things like your SSN, date of birth, or mother's maiden name would be described by the service provider as "necessary" because they "need" to do a credit check on you.

  6. Re:Government by Baron_Yam · · Score: 4, Interesting

    I don't even have to review the legislation to know that no matter how it is written, CSIS, the RCMP, and your local cop shop will ignore it if they feel the need.

    Your SIN is private, right? HEH. Nope. Now it's linked in government databases to everything. As someone who once had complete and total access to several sensitive (welfare client info) government databases - and was challenged appropriately by only ONE of dozens of sysadmins - I don't trust the government to protect a pile of dog feces.

  7. Car Dealerships... by MojoRilla · · Score: 5, Interesting

    I was at a Honda dealer trying to get service for my car, and when they asked for my address, I told them I didn't want any junk mail.

    They were flustered. They said there was no way to put me into the system without getting on a marketing list. Eventually I gave them a fake address.

    Go Canada. Stop this abuse.

  8. why all the disbelief? by Anonymous Coward · · Score: 5, Interesting

    Why is everyone asking if this is real? Do you think there are no laws in canada?
    My employer has been spending a few weeks getting all ouf our information complaint with this act, and pulled me off the phones for an information session.
    And tech support centers don't do things like that unless they are required to by law.

  9. Re:Radio Shack by stratjakt · · Score: 5, Interesting

    Dunno if you're being sarcastic or not, but I seriously had them refuse to sell me an AA battery, paying with cash, because I wouldnt give them all that info.

    I said "man, I dont have time for this, I'm trying to catch a train. I just need a battery for my walkman "

    And the guy said "Sir we cant sell anything without this information."

    I put the cash on the counter and the battery in my pocket, and said "whatever keep the change" and the guy threatened to call the cops.

    Radio Shack == fucked up.

    --
    I don't need no instructions to know how to rock!!!!
  10. Re:Great in theory... by shatteredpottery · · Score: 4, Interesting

    Some provisions make it relatively easy to sue companies for violating the strictures. It does look as though companies are taking it fairly seriously.

    For example, you know those "preferred customer" cards that most stores have? Well, the pharmacies at stores in Canada are refusing to take them, because of the possibility that the marketing info from the cards could be correlated with your prescription information. They have big signs up to this effect in the stores in my area, and they say this is to comply with the law.

    And Safeway (perhaps others as well) is hoping to develop a generic coupon system so you can get credit for the pharmacy purchases later. I suppose they'll hand you the coupon with your prescription, and you can present it at the cash register at a later date, so there's no way to correlate the pharmacy purchase with the money. They already do this with a couple of other things, so it wouldn't show as pharmacy purchases. Not really sure though.

    --

    A witty saying is worth nothing - Voltaire

  11. The Privacy Commission slaps a big bank around by Mr.Fork · · Score: 5, Interesting

    Being a Canadian, and being an advocate for privacy, I've always been fighting Banks and other companies about how they collect and 'store' my information without impacting my service. X Bank recently sent me a letter stating that if I didn't approve of their using my personal information, it could impact their ability to provide me services. (x = big non-customer focused bank).

    I promptly forward this to the Privacy office who responded back in just a week to both me and the X Privacy Department that:
    a) The Privacy Commission's opinion was that letter X sent to me implies that if I don't agree to let them collect information, I loose services. It then scolded X for forcing clients to agree to the new policy. Fork 1, X 0.
    b) X was warned to revise the letter to adhere to the new policy. Fork 2, X 0.
    c) X was to clarify their communications to the customers on what they mean by 'reduced services.' Fork 3, X 0
    d) X was to inform their clients of this new policy ASAP and apologize to me. Fork 4, X 0.

    X Bank has not contacted me to date (it's been four weeks). I closed my account with them today and informed the PC of the fact. When X bank asked why I was closing:
    "Sir, before I close this account may I ask why you're closing it?"

    "You don't know how to play the customer service game. The score is 4 to nothing."

    "Excuse me sir? I don't understand the answer and I need to put in something"

    "Fork 4, X 0 - put that in there"

    --
    Management is doing things right; leadership is doing the right things. - Peter F. Drucker
  12. The easiest way ... by stratjakt · · Score: 5, Interesting

    Is to vote with your wallet.

    I'm talking mainly about the retailers who ask for name, address, phone number, email etc, when you try to buy something.

    I went to Circuit City to buy a TV, took out enough cash to pay for it, walked in, told the guy which I wanted, and we walked to the little sales terminal. He asked "can I have your name and address?" And I said, "no, you can have $499 plus tax". He started telling me how the computer "requires" it.. Gimme a break.

    What you need to do is know when to walk away. I grabbed a sales circular by the door on my way out (because Best Buy would match the price)..

    In the states, I've noticed that Best Buy stopped asking, they must have got the message, for instance.

    It wastes the clerks time, annoys customers, and the marketing value of the collected data would come nowhere close to the amount of cold, hard, stinky cash walking out the door.

    It's just the tip of the privacy iceburg, sure, but it annoying, and a good place to start sending a message.

    --
    I don't need no instructions to know how to rock!!!!
  13. We had this 16 years ago by t_allardyce · · Score: 4, Interesting

    In the uk we have the Data Protection Act (of 1984 and redone in '98 AFAIK) which lays down rules about how your data is handled. Companies etc that collect data on you must be registered and must keep your data secure from others. Also you have the right to view all the data that anyone holds on you and ensure its accurate (except in a few situations such as police investigation), you can even see emails/memos about you and cctv tapes (again AFIAK). Even my old school is registered. There are afew other things which i forget but you can read about here

    --
    This comment does not represent the views or opinions of the user.
  14. the us and canada by circletimessquare · · Score: 4, Interesting

    someone smarter than me said it better than me... the border between canada and the us is a one way mirror: americans look north and see themselves, canadians look south and see everything they are not

    americans think of canadians as cute little fuzzy americans who got lost in an ice box... they tend to think of canadians patronizingly, paternalistically, if they even think of canadians at all

    canadians think of americans as scary warmongering orwellian pseudofascists a half heart beat away from doing something really scary that canada has to worry about... they tend to emphasize their differences with americans as much as humanly possible, and they tend to think about their relationship with america alot

    as an american, all i can say is the maple leaf state sure is a cold lonely place (chuckle)

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  15. PIPEDA by Necrotica · · Score: 5, Interesting

    I'm from Canada and two weeks ago my employer held a seminar regarding PIPEDA and what it means.

    The ramifications of it are quite enormous though as someone pointed out, it isn't retroactive. Canadian lawyers will make a killing as contracts are established/renewed will need to ensure that privacy is taken into account.

    There are a few interesting twists to it, though. For example, my company is planning on implementing a very strict policy regarding PIPEDA. But I am currently outsourced working at a client's site. The policy that I will have to follow will be the one that my client implements.
    I was also told that there are looser stipulations for international business. So if I'm doing business with an American resident, and the United States doesn't have a similar law, then I am not required BY LAW to follow my company's privacy policy.

    It'll be interesting to see how the government tweaks this in the future. I am very happy that something like this is finally in place.

  16. Sounds Good On Paper But.. by RedSynapse · · Score: 4, Interesting

    Here's an interesting example of how this law is already having unforseen effects.

    Guy calls the bank to activate his new credit card. At the beginning of the call he gets the obligatory "This call may be mointored for quality assurance purposes" message. The guy complains that he doesn't want to have his call monitored. The bank says well if you don't like it you can jam your card where the sun don't shine. Guy complains to the privacy commissioner. The privacy comissioner rules in favour of the guy and decrees that banks cannot monitor calls without consent as it violates our fabulous new privacy laws.

    The upshot? It's now much easier for theives and fraudsters to steal credit cards from mailboxes and activate and use them. The bank is no longer allowed to record what phone number is used to register the card, and if the fraudster has obtained other personal information about you (or fraudently applied for the card in your name) you and the bank are screwed. Go privacy!

  17. Here's my own personal Canadian Privacy Act by Txiasaeia · · Score: 4, Interesting

    I've registered my name in the phone book as my first initial of first two names and then my last name. I.e. H. J. Simpson. Since nobody actually calls me H. J., but prefers to use my real name (Homer), every time I get a call for my "telephone name," I know it's a telemarketer. Same thing goes for addressed mail. Haven't opened a piece of junk mail in years.

    --
    Condemnant quod non intellegunt.
  18. Re:The Privacy Commission slaps a big bank around by Kwil · · Score: 4, Interesting

    Thanks a lot.. ..by just leaving the Bank, you've basically given up your right to complain further on the matter. Had you stayed with them and made repeated requests to the Privacy Commissioner for your deserved apology, the bank would have continued to be letter slapped until it turned into government imposed fines.. which would have gotten their attention and possibly improved customer service for everyone.

    I know, not your responsibility, but it would have been nice for other folks having to deal with these guys.

    --

    That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze