|
INFORMATION ABOUT PRIVACY LEGISLATION
Disclaimer: The information and comments on these pages were garnered and put together by the ASSA Computer Liaison and should not be taken as absolute fact. Please visit the links to confirm items referred to on this page. There are 4 Acts concerning privacy and collection of information that may (or may not) affect the ASSA.
FOIP Freedom of Information and Protection of Privacy Act When I contacted the FOIP Helpdesk to ask what our responsibilities were regarding electronic information I received this reply: "The Alberta FOIP Act does not apply to the Alberta Summer Swimming Association but the Federal Government Legislation, PIPEDA (Personal Information and Protection of Electronic document Act) may apply. " The purposes of the FOIP Act are: (a) to allow any person a right of access to the records in the custody or under the control of a public body subject to limited and specific exceptions as set out in this Act, (b) to control the manner in which a public body may collect personal information from individuals, to control the use that a public body may make of that information and to control the disclosure by a public body of that information, (c) to allow individuals, subject to limited and specific exceptions as set out in this Act, a right of access to personal information about themselves that is held by a public body, (d) to allow individuals a right to request corrections to personal information about themselves that is held by a public body, and (e) to provide for independent reviews of decisions made by public bodies under this Act and the resolution of complaints under this Act. Alberta Sport, Recreation, Parks and Wildlife Foundation is considered to be a public body. I'm not sure how ASSA would be termed. We (including Catherine) are not government employees working for the aforementioned public body. PIPA Personal Information Protection Act http://www.assembly.ab.ca/pro/bills/ba-status.asp?SelectBill=044 Bill 44, the Personal Information Protection Act was introduced in the Alberta Legislature on May 14, 2003 and will govern the collection, use, and disclosure of employee and consumer information in the private sector.
(2) Subject to subsection (3), this Act does not apply to a non-profit organization or any personal information that is in the custody of or under the control of a non-profit organization. (3) This Act applies to a non-profit organization in the case of personal information that is collected, used or disclosed by the non-profit organization in connection with any commercial activity carried out by the non-profit organization. A possible case where the act would apply to ASSA clubs would be selling of heatsheets for profit. PIPEDA Personal Information Protection and Electronic Documents Act http://www.privcom.gc.ca/legislation/02_06_01_e.asp I contacted the federal government (Privacy Commissioner) in the autumn of 2002 to find out what our responsibilities were when transferring registration information electronically. The answer I received was "Take reasonable precautions to safeguard your data". I believe that the ASSA Office computer is currently our least secure repository of electronic information. The Federal Government legislation will be superceded by the Provincial legislation if it is deemed "substantially similar". It appears the fed doesn't think it is (see letter below). I am not sure what he is talking about because when searching the entire Federal Government Act, the phrase "non-profit" cannot be found.
Ottawa, May 27, 2003 – The Privacy Commissioner of Canada, George Radwanski, yesterday sent the following letter to the Honourable David Coutts, Minister of Government Services, Government of Alberta, regarding Bill 44, the Personal Information Protection Act, Alberta’s proposed private-sector privacy legislation.
Dear Minister Coutts: Re: Bill 44 – Personal Information Protection Act As I am sure you know, as Privacy Commissioner of Canada, I am required under subsection 25(1) of the Personal Information Protection and Electronic Documents (PIPED) Act to examine provincial or territorial legislation and report annually to Parliament on "the extent to which the provinces have enacted legislation that is substantially similar to the PIPED Act." I expect that this reporting will be a key consideration for the Cabinet in determining whether it is appropriate to grant any given province an exemption on the basis of substantially similar legislation. I have reviewed Bill 44, the draft Personal Information Protection Act, and I think it important to inform you now, before it becomes law, that Bill 44 has a number of very grave deficiencies that would in my view make it impossible for the Government of Canada to recognize this legislation in its current form as substantially similar to the federal Personal Information Protection and Electronic Documents (PIPED) Act. <snipped out a bunch of non-relevant dribble here> Finally, I want to comment on the provisions concerning professional regulatory bodies and non-profit organizations. The Bill would permit the Lieutenant Governor in Council to delay or exempt application of the Act to these types of organizations. I would see no problem if the Act only applied to professional regulatory bodies and non-profits to the extent they engage in commercial activities – this is consistent with the PIPED Act – but to exempt them entirely would establish a lower level of protection than that provided by the PIPED Act. Some non-profit organizations collect highly sensitive information, including information about medical conditions. To allow non-profits to disclose this information for gain without consent would provide a lower level of protection than under the PIPED Act. In bringing these various deficiencies to your attention, I wish to emphasize that the issue is not one of debating the merits of the relevant provisions of this Bill in isolation. The issue is solely whether they provide a level and quality of privacy protection that is as good or better than the corresponding provisions of the PIPED Act. Clearly, they do not. Consequently, it would be my duty to recommend that the Bill in its current form could not be regarded as substantially similar. I appreciate the opportunity to provide these comments. If I or my Office can provide any further clarification or assistance, we would be glad to do so. Yours sincerely, (Original signed by) George Radwanski ----- End of The Letter ----- HIA The Health Information Act This legislation applies to the Custodians or their Affiliates of health care
information in Alberta. The ASSA would not appear to be considered a Custodian
or Affiliate by the definition found in the Act. ASSA members would therefore
have the right to refuse to supply us with individually identifying health information
(their health care number). |