While no major changes to the Personal Information Protection and Electronic Documents Act (PIPEDA) were recommended by the House of Commons Standing Committee on Access to Information, Privacy and Ethics during its presentation to Parliament last month, a few issues relevant to employers were discussed.
The committee held hearings between Nov. 20, 2006, and Feb. 22, 2007, as part of a statutory five-year review of PIPEDA, Canada’s federal privacy legislation. The committee followed these meetings with its fourth
Report to Parliament
in early May where it made 25 recommendations for updates to the act.
Although none of the recommendations were for dramatic changes, some issues were raised about personal information in the context of business transactions, collection of work product data and technologically limited exemptions for business contact information from the definition of personal information. There were also submissions for and against restrictions on the flow of personal information across the border.
Definition for ‘work product’ proposed
The committee recommended a definition of “work product” be included in PIPEDA — one that would not constitute “personal information” as defined in the statute. The work product exemption would allow organizations to collect certain information related to employment or business activities without having to obtain employee consent.
The committee also suggested that a technologically flexible definition of “business contact information” — including fax and e-mail, along with the currently exempted business address and telephone number — be added to PIPEDA. This would exclude a wider range of business contact information from “personal information,” consistent with current methods of business communications.
“I think it’s pretty clear that business contact information shouldn’t really be defined based on what sort of technology you’re using and so it only makes sense to have business e-mail addresses, for example, added to what is considered business contact information,” said Ariane Siegel, a communications and technology lawyer and partner with Gowling Lafleur Henderson LLP in Toronto. Siegel appeared before the parliamentary committee reviewing PIPEDA as a witness on behalf of the Information Technology Association of Canada.
No consent for business transactions
In addition, the committee suggested PIPEDA be amended to permit businesses to collect, use and disclose information, without obtaining prior consent, for the purposes of business transactions such as mergers or acquisitions.
The committee also decided against a recommendation for changes that would create new restrictions on the cross-border flow of personal information. So, organizations may continue to employ chiefly contractual means to protect personal information transferred to service providers or affiliated organizations outside of Canada.
Siegel says these recommendations, while not yet part of PIPEDA, give “good guidance in terms of where legislation is likely headed. I don’t think it does anything negative either for employers or employees. They’re really clarification issues. Over time we’ll have a better understanding of how PIPEDA works, what the impact is, especially in the employment context, and this helps to clarify and also streamline legislation.”
Kristan Wolfe is a Bowmanville, Ont.-based freelance writer.