Treasury Board of Canada, Secretariat - Government of Canada
Skip all menus Skip first menu
,  Français  Contact Us  Help  Search  Canada Site
     What's New  About Us  Policies  Documents  TBS Site
   Calendar  Links  FAQs  Presentations  Home
,
Chief Information Officer Branch
Information, Privacy and Security Policy Division
Privacy and Government
On-Line
PIA
e-learning tool
Overview
Course Outline
Introduction
Legislation/Policy
Defining PIAs
Process Overview
Key Stakeholders
Course Summary
Glossary
Glossary
Links
Manage/Monitor
PIA Assistant
Site Map

Find Information:
by Subject [ A to Z ] by Sub-site
Versions:  
Print Version Print Version
Related Subjects:
Assessment
Learning
Privacy
Feedback on Website
, 		,

Glossary Privacy Impact Assessment (PIA) e-learning tool,

administrative purpose

  • In the relation to the use of personal information about an individual, this means that the use of that information in a decision making process that directly affects that individual (Section 3 of the Privacy Act)

code of fair information practices

  • Sections 4 to 8 of the Privacy Act deal with the collection, retention, accuracy, disposal, use and disclosure of personal information
  • Originated from internationally accepted standards for protecting personal information developed by the Organization for Economic Co-operation and Development
  • Based on the principles that every individual should have the right to know
    • what personal information is being collected about him or her
    • when and how the personal information will be disposed of
    • how the personal information will be used
    • under what circumstances the personal information can be disclosed, and
    • how to obtain access to and/or correct personal information already on file

collection of personal information

  • No personal information shall be collected by a government institution unless it relates directly to an operating program or activity of the institution (section 4)
  • Institutions must not collect any more personal information than is demonstrably necessary to carry out the program or activity
  • Institutions must have Parliamentary authority for the program or activity that is usually contained in
    • an Act of Parliament or subsequent regulations, or
    • approval of expenditures proposed in the Estimates and authorized by an Appropriations Act
  • Institutions must collect personal information to be used for an administrative purpose* directly from the individual (subsection 5(1))
  • Institutions must inform the individual of the purpose for collecting the personal information (subsection 5(2)) unless
    • it would result in the collection of inaccurate information (paragraph 5(2)(a)), or
    • defeat the purpose or prejudice the use for which the information is collected (paragraph 5(2)(b))
* Administrative purpose means the use of personal information in a decision making process that directly affects that individual

common personal identifier

consent

  • Consent is not defined in PIPEDA or the Privacy Act, although the concept is explained extensively in Principle 3 of Schedule I of PIPEDA. Consent in the context of personal information means the agreement of someone to provide their personal information for the purposes identified to them. In some cases, consent may not be possible (e.g.: medical emergency) or may not be required (e.g.: collection by police of information relating to a suspect where the collection is not a search or seizure). Consent is generally given by a specific act of the individual, but sometimes it can be implied.
  • The consent of the subject individual allows institutions to use or disclose personal information for any purpose consented to by the individual. In other words, the consent of the individual removes the need to find a provision for use or disclosure under sections 7 or 8. Under the Privacy Act, consent does not remove the necessity for the program or activity that is collecting the information to have lawful authority and does not remove the necessity that the information being collected must be directly related to the program or activity. Consent by an individual to the use or disclosure of personal information may be sought either at the time of collection of the information or subsequently, when a specific need arises (although this is usually very difficult administratively, if there are many people affected by a new use).

data matching

  • An activity that involves comparing personal data obtained from a variety of sources, including personal information banks, for the purpose of making decisions about the individuals to whom the data pertains. To this extent, data matching is a specialized activity involving the collection, use and disclosure of personal information which is subject to the various requirements of the Privacy Act. Included in this definition of data-matching is data linkage, also known as data profiling.

Designated Minister

  • Such member of the Queen's Privy Council for Canada as designated by the Governor in Council as the Minister for the purposes of that provision (Section 3).

disclosure of personal information

  • Institutions may disclose personal information without the consent of the individual under circumstances specified in subsection 8(2)
  • Examples of permissible disclosures
    • purpose for which it was originally obtained or a use consistent with that purpose
    • Act of Parliament or regulation
    • subpoena or warrant
    • federal investigative body scheduled in the regulations
    • agreement between the Government of Canada and another organization
    • member of Parliament to assist constituent
    • research or statistical purposes
    • 'public interest'

government institution

  • Any department or ministry of state of the Government of Canada listed in the schedule or any body or office listed in the schedule to the Privacy Act.

Head (in respect of a Government Institution)

  • In the case of a department or ministry of state, the member of the Queen's Privy Council for Canada presiding over that institution.
  • In any other case, the person designated by order in council pursuant to this paragraph and for the purposes of this Act to be the head of that institution.

identifying number

  • Any identifier that is commonly used to identify a person, including the person's name, address, telephone number, Social Insurance Number, Personal Record Number, Individual Agency Number, any other identifying number, symbol or other particular assigned to the individual, or fingerprints or other biometric identifier.

personal information

It is information about an 'identifiable individual' that is recorded in any form including, without restricting the generality of the foregoing,

  1. information relating to the race, national or ethnic origin, colour, religion, age or marital status of the individual,
  2. information relating to the education or the medical, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved,
  3. any identifying number, symbol or other particular assigned to the individual,
  4. the address, fingerprints or blood type of the individual.
  5. the personal opinions or views of the individual except where they are about another individual or about a proposal for a grant, an award or a prize to be made to another individual by a government institution or a part of a government institution specified in the regulations.
  6. correspondence sent to a government institution by the individual that is implicitly or explicitly of a private or confidential nature, and replies to such correspondence that would reveal the contents of the original correspondence.
  7. the views or opinions of another individual about the individual.
  8. the views or opinions of another individual about a proposal for a grant, an award or a prize to be made to the individual by an institution or a part of an institution referred to in paragraph (e), but excluding the name of the other individual where it appears with the views or opinions of the other individual, and,
  9. the name of the individual where it appears with other personal information relating to the individual or where the disclosure of the name itself would reveal information about the individual,

but, for the purposes of sections 7, 8 and 26, and section 19 of the Access to Information Act, does not include,

  1. information about an individual who is or was an officer or employee of a government institution that relates to the position or functions of the individual including,
    1. the fact that the individual is or was an officer or employee of the government institution,
    2. the title, business address and telephone number of the individual,
    3. the classification, salary range and responsibilities of the position held by the individual
    4. the name of the individual on a document prepared by the individual in the course of employment, and,
    5. the personal opinions or views of the individual given in the course of employment.
  2. information about an individual who is or was performing services under contract for a government institution that relates to the services performed, including the terms of the contract, the name of the individual and the opinions or views of the individual given in the course of the performance of those services,
  3. information relating to any discretionary benefit of a financial nature, including the granting of a license or permit, conferred on an individual, including the name of the individual and the exact nature of the benefit, and
  4. information about an individual who has been dead for more than twenty years.

personal information bank

  • A collection or grouping of personal information that has been used, is being used or is available for use for an administrative purpose or is organized or intended to be retrieved by the name of an individual or by an identifying number, symbol or other particular assigned to an individual. (Section 3 and Section 10)
  • Periodic indexes of Personal Information Banks must be published in Info Source. (Section 11)

retention, accuracy and disposal of personal information

  • Institutions must retain personal information used for an administrative purpose for a period of time to allow the individual to whom it relates an opportunity to obtain access to it (subsection 6(1))
    • 2 years minimum unless the individual consents to earlier disposal
  • Institutions must take all reasonable steps to ensure that personal information is as accurate, up-to-date and complete as possible (subsection 6(2))
  • Institutions must dispose of personal information in accordance with the legal requirements specified in the Act and Regulations (subsection 6(3))
    • retention and disposal listed in Info Source
    • National Archives Act

substantially similar

  • To be considered substantially similar, any provincial legislation will have to contain, at a minimum, the 10 principles set forth in Schedule 1 to the Personal Information Protection and Electronics Act [Universal Principles] (Industry Canada has issued a statement on how the Governor in Council will decide whether a provincial law is substantially similar to federal law - Canada Gazette Part I, Sept. 22, 2001, p. 3618

use of personal information

  • Institutions must not use personal information under their control, without the consent of the individual, except for

    Consistent use means that the use must have a reasonable and direct connection to the original purpose for which the personal information was collected and it must be reasonable for the individual who provided the personal information to expect that it would be used in the proposed manner

Previous PageCourse summary

Listing of all web-site addressesNext Page

  ,
Date published: 2003-10-03
Date modified: 2003-09-26
Date reviewed: 2003-09-26
 Return to
Top of Page		 Important Notices