The Act could include personal information protection principles similar to those under the Personal Information Protection and Electronic Documents Act to guide, support, and extend the protection of individuals’ personal information
The Privacy Act could incorporate a number of internationally recognized principles for protecting personal information, such as: (i) Accountability; (ii) Identifying purposes; (iii) Consent; (iv) Limiting collection; (v) Limiting use, disclosure and retention; (vi) Accuracy; (vii) Safeguards; (viii) Openness and transparency; (ix) Individual access; and (x) Challenging compliance. Adding such principles to the Privacy Act would set the baseline expectations for Canadians and federal public bodies as to how personal information should be managed and protected in the federal public sector. As well, since these principles would be consistent with those of the Personal Information Protection and Electronic Documents Act, this would harmonize federal regulation of the public and private privacy sectors.
For additional details and a more in-depth discussion on the rationale for adding principles to the Act, and what these principles could entail, please consult our annex here.
Consultation has concluded. Thank you for your contributions.