[CAD] Compliance with Provincial Privacy Law

 

The Office of the Privacy Commissioner of Canada states:

“Organizations that are subject to provincial legislation deemed substantially similar are exempt from PIPEDA with respect to the collection, use or disclosure of personal information occurring within the respective province. Accordingly, PIPEDA continues to apply to the collection, use or disclosure of personal information in connection with the operations of a federal work, undertaking or business in the respective province, as well as to the collection, use or disclosure of personal information outside the province.” - Source

This means that for provinces with provincial legislation that is deemed substantially similar to PIPEDA, following the above information found in Owl and PIPEDA will be generally sufficient in helping private practitioners achieve compliance. However, where these pieces of provincial legislation contain extra requirements not seen in PIPEDA, or other pieces of relevant legislation exist, private practitioners will need to be aware of these regulations as well. To help practitioners with this, we’ve developed a short FAQ article around regional legislation in each province, to help inform practices about how Owl can help them achieve compliance in their province.

Substantially Similar Provincial Legislation

In certain provinces, privacy, private sector or health legislation has been passed that has been deemed “substantially similar” to PIPEDA. The benefit of this designation is to prevent the imposition of an unnecessarily complicated dual regime of privacy regulations where avoidable. Industry Canada determined criteria in 2002 that decided whether provincial or territorial legislation would be considered to be substantially similar to PIPEDA. Under this policy, these laws could be considered substantially similar when they:

• Incorporate the ten principles in the National Standard of Canada entitled Model Code for the Protection of Personal Information (see Schedule 1 of PIPEDA) with special emphasis on the principles of consent, access and correction rights;
• provide for an independent and effective oversight and redress mechanism with powers to investigate; and
• restrict the collection, use and disclosure of personal information to purposes that are appropriate or legitimate.
• (Source: http://www.health.gov.on.ca/english/providers/project/priv_legislation/phipa_pipeda_qa.html)

It will be mentioned when provinces have legislation that is deemed substantially similar to PIPEDA. In such instances, only matters related to compliance specifically for that province’s legislation shall be referred to. For anything else, the Owl and PIPEDA section of this document can be referred to as information here will most likely also apply to the province. Also, clinics will still need to refer to PIPEDA if, as health information custodians, personal information is being disclosed to them from any other province or territory in Canada, or anywhere else in the world.

• Compliance with Privacy Laws in Alberta (PIPA)
• Compliance with Privacy Laws in British Columbia (PIPA)
• Compliance with Privacy Laws in Manitoba (PHIA)
• Compliance with Privacy Laws in New Brunswick (PHIPAA)
• Compliance with Privacy Laws in Newfoundland and Labrador (PHIA)
• Compliance with Privacy Laws in the Northwest Territories (HIA)
• Compliance with Privacy Laws in Nova Scotia (PHIA)
• Compliance with Privacy Laws in Nunavut
• Compliance with Privacy Laws in Ontario (PHIPA)
• Compliance with Privacy Laws in Prince Edward Island
• Compliance with Privacy Laws in Québec (APPIPS)
• Compliance with Privacy Laws in Saskatchewan (HIPA)
• Compliance with Privacy Laws in Yukon (HIPMA)