- Law25
- PersonalInformation
- 3 mins
The need to protect personal information is nothing new. The Act respecting the protection of personal information in the private sector (PA) was passed in Quebec in 1983, while the Personal Information Protection and Electronic Documents Act (PIPEDA) came into force in Canada in 2000.
At the time of their enactment, these two Acts were primarily intended to give individuals the right to access and, if necessary, rectify personal information held about them by third parties, including the various levels of government. These laws have since been amended to better adapt to today's technological reality and to regulate, among other things, how personal information is collected and used, and the rights of individuals regarding the management of this information by those who use it.
What exactly is personal information?
In Canada, under PIPEDA, personal information is any factual or subjective information, recorded or not, about an identifiable individual. This can be any type of information, for example:
- age, name, identification number, income, ethnicity or blood type;
- an opinion, assessment, comment, social status or disciplinary action;
- an employee's file, a credit or loan file, a medical record, the existence of a dispute between a consumer and a merchant, or a person's plan (for example, the intention to acquire goods or services or to change jobs).[1]
In Quebec, under the Act respecting the protection of personal information in the private sector (or Private Sector Act), three criteria determine what constitutes personal information. It must be a piece of information that makes something known about an individual and allows him or her to be identified.
Personal information includes:
- the identity of a person;
- Health Insurance Number ("HIN");
- licence plate number;
- an evaluation report;
- a video or audio recording of a person;
- a criminal record.
However, if a single piece of information may seem trivial, it can, when combined with others, make it possible to identify an individual.
In this context, this information constitutes personal information.[2]
The specific descriptions offered above are partial. Personal information also includes other identifiers such as, but not limited to:
- Social Insurance Number ("SIN")
- Driver's licence number
- A student number in an educational institution
- A customer number
- A phone number
- A physical address (residence or work)
- An email address
It is also essential to understand that the laws cited above are not only intended to protect customers and members of an organization or business: they also apply to information that identifies the organization's personnel. Every company or organization therefore has an obligation to protect both the personal information of its customers and that of its employees, regardless of whether the latter are employees or volunteers.
The measures that the organization will need to adopt vary significantly depending on the nature of the personal information it holds and the use it makes of that information. If you are unsure about the nature of the personal information you hold or what steps to take under the law, you should seek legal guidance.
Legal Disclaimer. Nexop may from time to time provide information and resources to users, including, but not limited to, references to the law or to legal resources. The provision of such information or references should in no way be construed as the provision of legal advice or guidance. Nexop encourages users to consult a lawyer for legal advice or guidance in connection with content offered by Nexop.
CLICK BELOW TO BOOK YOUR FREE CONSULTATION:
[1] Office of the Privacy Commissioner of Canada, "Overview of PIPEDA Rev. May 2019
