9. Modernizing transparency practices

CLOSED: This discussion has concluded.

Specific obligations could be added to the Act for federal public bodies to provide readily available explanations of their personal information protection practices and the information they have about individuals

The Privacy Act could require each federal public body to publish key information in an online, accessible, searchable personal information registry. Such a registry could contain the same type of information that is available through the current personal information bank regime, but in a more user-friendly format. It could also add further information such as summaries of privacy impact assessments, details about information-sharing agreements, and up-to-date personal information notices detailing how the information is used and disclosed in the context of specific programs and activities. In addition, to ensure that the information currently included in a personal information bank is easier to access and understand, federal public bodies could be required to publish an overview of their general practices that is accessible and in plain language in the personal information registry, similar to a privacy policy. Many federal public bodies already follow this best practice, publishing on their websites a general description of their privacy practices and commitments. 

Other new obligations aimed at ensuring greater transparency could include:

  • Enhancing transparency around indirect collections and secondary uses : The Act could contain new rules to clarify how a federal public body could satisfy a new “Identifying purposes” principle when there is no opportunity to notify an individual of the purposes for collecting personal information (for example, when indirect collection of personal information is authorized or when personal information is collected for new purposes not known or foreseen at the time of a direct collection). In these cases, a federal public body could be required to publish an updated “personal information notice” in the registry.

  • New proactive publication requirements : Federal public bodies could be required to publish their privacy management programs and any privacy impact assessments they carry out. As well, they could be required to publish annually information prescribed in regulations or government policy pertaining to all new information-sharing agreements entered into and all existing information-sharing agreements actively utilized each year.

Some exceptions to these transparency requirements would be necessary for specialized public sector activities such as law enforcement investigations, intelligence gathering, and national security activities. Where the publication of sensitive operational information is not possible, specific record-keeping requirements could be imposed to allow the Privacy Commissioner or other relevant review or regulatory bodies to play an oversight role. 

For additional details and a more in-depth discussion on the rationale for these suggested changes aimed at modernizing the Act’s transparency regime, please consult our more detailed annex here

Share on Facebook Share on Twitter Share on Linkedin Email this link

Consultation has concluded. Thank you for your contributions.

    <span class="translation_missing" title="translation missing: en-US.projects.forum_topics.show.load_comment_text">Load Comment Text</span>