Home | Databases | WorldLII | Search | Feedback Privacy Law and Policy Reporter

Canadian Standards Association --- "Canadian privacy Standards" [1995] PrivLawPRpr 87; (1995) 2(7) Privacy Law & Policy Reporter 134

Canadian privacy Standards

Canadian Standards Association 'Implementing Privacy Codes of Practice', 1995

The Canadian Standards Association has released a new report to promote privacy standards in the private sector. Implementing Privacy Codes of Practice is a comprehensive review of the development and implementation of privacy codes. The report includes the CSA Model Code and describes methods for implementation.

The CSA Model Code is based on the following ten principles that should apply to all technologies and types of businesses:

1. Accountability: An organisation is responsible for personal information under its control and shall designate a person who is accountable for the organisation's compliance with the following principles.
2. Identifying Purposes: The purposes for which personal information is collected shall be identified by the organisation at or before the time the information is collected.
3. Consent: The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
4. Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organisation. Information shall be collected by fair and lawful means.
5. Limiting Use, Disclosure, Retention: Personal information shall not be used or disclosed for purposed other than those for which it was collected, except with the consent of the individual as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
6. Accuracy: Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is being used.
7. Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
8. Openness: An organisation shall made readily available to an individual specific information about its policies and practices relating to its handling of personal information.
9. Individual Access: Upon request an individual shall be informed of the existence, use, and disclosure of personal information about the individual and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
10. Challenging Compliance: An individual shall be able to challenge compliance with the above principles with the person who is accountable within the organisation.

David McKendry, National Director of Consumer Affairs Consulting at Price Waterhouse and chair of the CSA's Technical Committee on Privacy, said 'Consumers need to be assured that their personal privacy is not threatened in the information age.'

This is a comprehensive report that should be very useful to private organisations that are planning to implement privacy codes. The report includes particularly useful tips for making privacy codes work in practice such as organisational incentives for adopting privacy codes.

The report was prepared by Canadian privacy expert Colin Bennet who is also author of Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Cornell 1992).

More information about the CSA report is available from bankj@csa.mhs.compuserve.com

or

Originally published in EPIC Alert, Volume 2.10, September 24, 1995, published by the Electronic Privacy Information Center (EPIC) Washington, DC; E-mail info@epic.org; URL http://www.epic.org/