Canada’s Privacy Act “Lags Woefully Behind”

6 Oct ’05

Canada’s Privacy Act, which deals with federal public sector data protection, lags “woefully behind” and needs a “major overhaul”, according to the 2004-2005 annual report on the Act released today by Jennifer Stoddart, the federal Privacy Commissioner. The news release is here. Points highlighted in the news release:

  • There are gaps in the Privacy Act’s coverage. Many institutions, including the Office of the Privacy Commissioner of Canada, are not subject to privacy law.
  • Under the Privacy Act, only those present in Canada have the right to seek access to their personal information. This means airline passengers, as well as immigration applicants, foreign student applicants, and countless other foreigners with information in Canadian government files, have no legal right to examine or correct erroneous information, to know how their information is used or disclosed, or to complain to the Commissioner.
  • Although government use of data matching arguably poses the greatest threat to individuals’ privacy, the Privacy Act is silent on the practice. Government institutions should be obligated to link personal records in discrete systems only when demonstrably necessary, and under the continued vigilant oversight of the Commissioner.
  • Complainants may only seek a Court review of, and remedies for, denials of access to their personal information. This means that allegations of improper collection, use and disclosure may not be challenged before the Court, and the subsequent benefit of the Court’s guidance on all government institutions is lost. Nor does the Privacy Act contemplate remedies for any damages caused by government actions.
  • The report is here (pdf format here).

    Previous post:

    Next post: