The purpose of this section of the Privacy volume is to provide
guidelines for the interpretation and application of the Act and the relevant
regulations and policies. These guidelines are intended for use by public
servants in their day-to-day administration of the Privacy Act, but may
be a useful reference for others on the Privacy Act issues related to
privacy.
The Privacy Act and Regulations and the policy on Privacy
and Data Protection govern the collection, use, disclosure, correction,
protection, retention and disposal of personal information, including informing
the public about the government's collection and use of personal information,
and providing individuals access to information about themselves. The underlying
principle is that individuals have a basic right to control over their personal
information; they have a right to know why their information is collected by the
government, how it will be used, how long it will be kept and who will have
access to it. The Privacy Act also provides individuals with a basic
right of access to all of their personal information held by federal government
institutions, subject only to the limited and specific exclusions and exemptions
outlined in the Act. Decisions concerning the application of discretionary
exemptions must be made in light of the basic right of access and the need for
government to be accountable to the public for its handling of personal
information. These guidelines provide guidance on balancing the principle of
access with the need to protect those public and private interests expressed in
the exclusion and exemption provisions of the legislation.
The Privacy Act was passed in June 1982 and
proclaimed in force on July 1, 1983. All institutions listed in the
schedule to the Act are subject to its provisions as well as to the provisions
of the Privacy Regulations. All institutions listed in the schedule are
also subject to the policy on Privacy and Data Protection, with the exception of
the Bank of Canada (subsection 71(2)).
The Privacy Act is contained in Chapter 4-1. The
Regulations and accompanying schedules are contained in Chapter 4-2.
Act (loi) - means the Privacy Act.
Applicant (requérant) - is an individual who
has requested access to personal information about himself or herself, who has
requested that a correction be made or a notation attached to personal
information, or who is exercising his or her right under the Act to review by
the Court. (requestor)
Complainant (plaignant) - is an individual
who has submitted a complaint to the Privacy Commissioner under the Privacy Act.
Court (cour) - means the Federal Court B
Trial Division.
Designated Minister (ministre désigné) -
for the purposes of the Act is the President of the Treasury Board.
Excluded information (renseignements exclus) -
is information to which the Act does not apply, and is described in Chapter 2-8.
Exemption (exception) - is a provision of the
Act which either requires or allows the head of the institution to refuse to
disclose information requested under the Act. Exemptions are discussed in
Chapter 2-9.
Government institution (institution fédérale) -
means any federal government department, ministry of state, body or office
listed in the Schedule to the Act. Whenever the term "government
institution" is used in these guidelines, responsibility for the action or
decision lies with either the head of the institution or an employee of the
institution delegated by the head to make such decisions.
Personal information bank (fichier de renseignements
personnels) - means a collection or grouping of personal information under
the control of a government institution which has been used, is being used or is
available for use for an administrative purpose, or is organized or intended to
be retrieved by the name of an individual or by an identifying number, symbol or
other particular assigned to an individual.
Personal information (renseignements personnels) -
is defined in section 3 of the Act. This definition, although lengthy, is
not exhaustive, as indicated by the introductory phrase, "including,
without restricting the generality of the foregoing", prior to the list of
examples. Information which is not specifically mentioned in the list may still
be included in the definition of personal information if it qualifies as
"information about an identifiable individual". Additional examples of
personal information would include information about an individual's sexual
preference, income or political affiliation.
Paragraphs (j), (k), (l) and (m) of the definition place
certain limitations on the definition of personal information for the purposes
of the restrictions on use and disclosure contained in sections 7 and 8,
the exemption provision contained in section 26, and the exemption
contained in section 19 of the Access to Information Act. Therefore,
information concerning the position or functions of a government employee (j);
information about the services performed by an individual under contract for a
government institution (k); information about a discretionary benefit of a
financial nature (l); and information about an individual who has been deceased
for more than twenty years (m) are not protected by the use and disclosure
provisions of the Act.
The limitations in paragraphs (j), (k) and (l) reflect the
principle that the government's accountability to the public means that the
public should have access to certain information concerning the public service,
government contracts for services and the government's granting of discretionary
financial benefits. The exclusions in these paragraphs should be
interpreted narrowly, bearing in mind the Act's purpose to protect privacy. Thus
these paragraphs should be applied to factual information related to the
position, the contract or the discretionary benefit only. Assessments of an
individual's job performance, conflict of interest declarations, or reports of
disciplinary actions relate to the individual, not to the position, and would
therefore not be included in the exception. The granting of a license or permit
has to be discretionary and must confer a direct financial benefit on the
individual in order to be removed from the protection of the Act. The granting
of a license or permit is not considered discretionary if everyone who satisfies
a set of objective requirements is given the license or permit, or if those who
will receive the license or permit are determined by some other objective means,
such as a lottery system.
The limitation in paragraph (m) reflects the concept that
the privacy interest declines with time after the death of an individual.
Under the control (relever de) - Personal
information is considered to be under the control of a government institution
when that institution is authorized to grant or deny access to it, to direct its
use and, subject to the approval of the National Archivist, to dispose of it.
Personal information which is in the possession or custody of an institution,
whether at headquarters, regional, satellite or other office, either within or
outside Canada, is presumed to be under its control unless there is strong
evidence to the contrary.
|