There is no special provision for using previously collected personal information in either the federal PIPEDA (Personal Information Protection and Electronic Documents Act) or BC or Alberta's PIPAs (Personal Information Privacy Act), i.e. what is called a "grandfather clause". However, I was told by BC government privacy commision trainer that it will be reasonable to re-use previous information as long as it is used for what it was originally intended, either express or implied.
For example, imagine a major telco or cable company re-sending out forms of some type to obtain consent. Or imagine a government agency having to do the same. It would be simply infeasible. When they drafted the recently enacted PIPAs in BC and Alberta, they talked to many large corporations apparently and got input on what would be reasonable use. I think this may be even in the act somewhere. One of the main rules of the PIPA for BC, which all other rules must be also applied against (a "master" rule, if you will), is that it must be what a reasonable person would do--being reasonable is key with this legislation, we would hope.
This page has some information about the lack of a grandfather clause in the legislation. http://www.pwcglobal.com/extweb/mani ssue.nsf/DocID/F64B1755F2E4447D85256B7900623D9D
Also remember that this legislation is very new (in the case of the PIPAs), or in the case of the federal PIPEDA, the update is quite new, and it's important to note that it will really matter once it gets tested in court and precedence is set. This case with the CRIA (Canadian equivalent of the RIAA) should provide some of that, though the acts do provide for any legal investigation to simply bypass all the consent and Shaw has already said that they won't try to stop that.
I think this was just another example of the lack of thought the author put into the original post (see http://yro.slashdot.org/comments.pl?sid=96766&cid= 8275020). "Race" is a hot-word here, perhaps grabbing more attention than it should have.
To my knowledge--very inextensive, I admit, since I only know of a small portion of government in BC--I have never heard of any database containing someone's race, except perhaps police or RCMP (which may have a slight reason but is still a sensitive issue).
In the U.S. (or even secretively in Canada probably), however, I would have no doubt in my mind that some of the databases contain that information to aid in "anti-terrorist" uses. Proof might be how they knew who to round-up (it was muslims or arabs or both, I can't remember) last year in California under the guise of terrorism and just detained them for that reason.
You are exactly right, in fact, apparently the legislation for BC and Alberta's PIPAs was drafted with extensive synergy and only differs in a few areas such as health information, which makes sense since the those information systems are different.
It is my understanding that this legislation was draften largely by the two provinces and was just as of Jan. 1 '04 a federal requirement that either a province or territory adopt the federal legislation (PIPEDA) or their own similar, such as PIPA in BC. Quebec had their own already, some Eastern provinces are in the process of getting theirs approved, but other than those, BC, and Alberta, the rest by default use the federal laws for protection of personal information.
I agree that this new legislation (ammendments to PIPEDA and also the PIPAs) makes leaps and bounds in that it now applies to not only governments, not only corporations, but even non-for-profit organizations. Yes, your local soccer club must by law carefully deal with the collection, use, and disclosure of personal information!
The consent issue is one I like, but I feel still doesn't say enough. There are new requirements for having consent for the use of disclosure of privacy information, and opt-in vs. opt-out policies. What I would like to see is the addressing of fees, i.e. why should I have to pay to have my name not in the telephone directory?
Did you just attend the Security and Privacy conference in Victoria yesterday? I hope you didn't just horribly mislead the Slashdot hordes by citing the dates off the top of your uninformed head instead of basic research. (This conference had discussion about various privacy legislation.)
Specifically, the federal Privacy Act came into effect July 1, 1983, the federal PIPEDA (Personal Information Protection and Electronic Documents Act) came into effect January 1, 2001, and the BC provincial PIPA (Personal Information Privacy Act) came into effect January 1, 2004. What it is important is that "[a]s of January 1, 2004, the [Personal Information Protection and Electronic Documents] Act will cover the collection, use or disclosure of personal information in the course of any commercial activity within a province, including provincially regulated organizations. The federal government may exempt organizations or activities in provinces that have their own privacy laws if they are substantially similar to the federal law." PIPEDA has been in place for a few years now, it just got extended to corporatations; BC now has their own overriding legislation as well.
See here for more details: http://www.privcom.gc.ca/fs-fi/02_05_d_1 5_e.asp
I also thought your post was a horrible summary of the various pieces of legislation and their consequences, but that's just my opinion. I'd suggest next time using the official government propoganda. Even your first sentence managed to probably be incorrect--PIPA (and probably PIPEDA, I'm not sure) does protect your personal information that is public as well, in terms of reasonable use (i.e. I believe telemarketers aren't allowed to go through the telephone directory).
Slashdot Mirror
There is no special provision for using previously collected personal information in either the federal PIPEDA (Personal Information Protection and Electronic Documents Act) or BC or Alberta's PIPAs (Personal Information Privacy Act), i.e. what is called a "grandfather clause". However, I was told by BC government privacy commision trainer that it will be reasonable to re-use previous information as long as it is used for what it was originally intended, either express or implied.
i ssue.nsf/DocID /F64B1755F2E4447D85256B7900623D9D
For example, imagine a major telco or cable company re-sending out forms of some type to obtain consent. Or imagine a government agency having to do the same. It would be simply infeasible. When they drafted the recently enacted PIPAs in BC and Alberta, they talked to many large corporations apparently and got input on what would be reasonable use. I think this may be even in the act somewhere. One of the main rules of the PIPA for BC, which all other rules must be also applied against (a "master" rule, if you will), is that it must be what a reasonable person would do--being reasonable is key with this legislation, we would hope.
This page has some information about the lack of a grandfather clause in the legislation.
http://www.pwcglobal.com/extweb/man
Also remember that this legislation is very new (in the case of the PIPAs), or in the case of the federal PIPEDA, the update is quite new, and it's important to note that it will really matter once it gets tested in court and precedence is set. This case with the CRIA (Canadian equivalent of the RIAA) should provide some of that, though the acts do provide for any legal investigation to simply bypass all the consent and Shaw has already said that they won't try to stop that.
Regards,
Casper
Here is a link to that California incident I found:u ndreds.h tml
http://www.why-war.com/features/2003/07/h
I think this was just another example of the lack of thought the author put into the original post (see http://yro.slashdot.org/comments.pl?sid=96766&cid= 8275020). "Race" is a hot-word here, perhaps grabbing more attention than it should have.
To my knowledge--very inextensive, I admit, since I only know of a small portion of government in BC--I have never heard of any database containing someone's race, except perhaps police or RCMP (which may have a slight reason but is still a sensitive issue).
In the U.S. (or even secretively in Canada probably), however, I would have no doubt in my mind that some of the databases contain that information to aid in "anti-terrorist" uses. Proof might be how they knew who to round-up (it was muslims or arabs or both, I can't remember) last year in California under the guise of terrorism and just detained them for that reason.
You are exactly right, in fact, apparently the legislation for BC and Alberta's PIPAs was drafted with extensive synergy and only differs in a few areas such as health information, which makes sense since the those information systems are different.
It is my understanding that this legislation was draften largely by the two provinces and was just as of Jan. 1 '04 a federal requirement that either a province or territory adopt the federal legislation (PIPEDA) or their own similar, such as PIPA in BC. Quebec had their own already, some Eastern provinces are in the process of getting theirs approved, but other than those, BC, and Alberta, the rest by default use the federal laws for protection of personal information.
I agree that this new legislation (ammendments to PIPEDA and also the PIPAs) makes leaps and bounds in that it now applies to not only governments, not only corporations, but even non-for-profit organizations. Yes, your local soccer club must by law carefully deal with the collection, use, and disclosure of personal information!
The consent issue is one I like, but I feel still doesn't say enough. There are new requirements for having consent for the use of disclosure of privacy information, and opt-in vs. opt-out policies. What I would like to see is the addressing of fees, i.e. why should I have to pay to have my name not in the telephone directory?
Regards,
Casper
Did you just attend the Security and Privacy conference in Victoria yesterday? I hope you didn't just horribly mislead the Slashdot hordes by citing the dates off the top of your uninformed head instead of basic research. (This conference had discussion about various privacy legislation.)
1 5_e.asp
Specifically, the federal Privacy Act came into effect July 1, 1983, the federal PIPEDA (Personal Information Protection and Electronic Documents Act) came into effect January 1, 2001, and the BC provincial PIPA (Personal Information Privacy Act) came into effect January 1, 2004. What it is important is that "[a]s of January 1, 2004, the [Personal Information Protection and Electronic Documents] Act will cover the collection, use or disclosure of personal information in the course of any commercial activity within a province, including provincially regulated organizations. The federal government may exempt organizations or activities in provinces that have their own privacy laws if they are substantially similar to the federal law." PIPEDA has been in place for a few years now, it just got extended to corporatations; BC now has their own overriding legislation as well.
See here for more details:
http://www.privcom.gc.ca/fs-fi/02_05_d_
I also thought your post was a horrible summary of the various pieces of legislation and their consequences, but that's just my opinion. I'd suggest next time using the official government propoganda. Even your first sentence managed to probably be incorrect--PIPA (and probably PIPEDA, I'm not sure) does protect your personal information that is public as well, in terms of reasonable use (i.e. I believe telemarketers aren't allowed to go through the telephone directory).
Regards,
Casper