You are here:
Privacy Law and Policy Reporter >>
 PrivLawPRpr 87
| Name Search
| Recent Articles
Canadian Standards Association --- "Canadian privacy Standards"  PrivLawPRpr 87; (1995) 2(7) Privacy Law & Policy Reporter 134
Canadian privacy Standards
Canadian Standards Association 'Implementing Privacy Codes
of Practice', 1995
The Canadian Standards Association has released a new report to
promote privacy standards in the private sector. Implementing
Privacy Codes of Practice is a comprehensive review of the
development and implementation of privacy codes. The report includes
the CSA Model Code and describes
methods for implementation.
The CSA Model Code is based on the following ten principles that
should apply to all technologies and types of businesses:
- Accountability: An organisation is responsible for
personal information under its control and shall designate a person
who is accountable for the
organisation's compliance with the
- Identifying Purposes: The purposes for which personal
information is collected shall be identified by the organisation
at or before the time the information
- Consent: The knowledge and consent of the individual
are required for the collection, use, or disclosure of personal
information, except where
- Limiting Collection: The collection of personal information
shall be limited to that which is necessary for the purposes identified
by the organisation.
Information shall be collected by fair and
- Limiting Use, Disclosure, Retention: Personal
information shall not be used or disclosed for purposed other
than those for which it was collected, except with the consent
of the individual as required by law. Personal information shall
be retained only as long as necessary for the fulfilment of those
- Accuracy: Personal information shall be as accurate,
complete and up-to-date as is necessary for the purposes for which
it is being used.
- Safeguards: Personal information shall be protected
by security safeguards appropriate to the sensitivity of the information.
- Openness: An organisation shall made readily available
to an individual specific information about its policies and practices
relating to its
handling of personal information.
- Individual Access: Upon request an individual shall
be informed of the existence, use, and disclosure of personal
information about the individual and
shall be given access to
that information. An individual shall be able to challenge the
accuracy and completeness of the information
and have it amended
- Challenging Compliance: An individual shall be able
to challenge compliance with the above principles with the person
who is accountable within the organisation.
David McKendry, National Director of Consumer Affairs Consulting
at Price Waterhouse and chair of the CSA's Technical Committee
Privacy, said 'Consumers need to be assured that their personal
privacy is not threatened in the information age.'
This is a comprehensive report that should be very useful to private
organisations that are planning to implement privacy codes.
report includes particularly useful tips for making privacy codes
work in practice such as organisational incentives for adopting
The report was prepared by Canadian privacy expert Colin Bennet
who is also author of Regulating Privacy: Data Protection and
Public Policy in Europe and the United States (Cornell 1992).
More information about the CSA report is available from firstname.lastname@example.org
Canadian Standards Association,
178 Rexdale Blvd., Etobicoke,
Ontario, Canada M9W 1R3.
Originally published in EPIC Alert, Volume 2.10, September
24, 1995, published by the Electronic Privacy Information Center
Washington, DC; E-mail email@example.com; URL http://www.epic.org/