Privacy Rights in Canada
Developed from The Privacy Handbook by Sara Levine.
Click a heading to expand the definition, or click again to collapse.
Use the menu on the right to navigate to a different help topic.
A privacy breach can occur in any number of ways:
- an organization’s database is hacked by an outsider;
- information is copied or taken by an insider;
- an employee without proper authorization views or uses personal information;
- a computer or a storage device (such as a smartphone, a CD, a disk or a memory stick) is lost or stolen;
- information is mistakenly sent to the wrong address, fax number, or email address;
- paper records containing personal information are not properly shredded before recycling or electronic storage media are not securely destroyed before disposal;
- an organization is a victim of pretexting by an individual who uses some personal information to trick an employee into believing that it is appropriate to give out more personal information, for example by posing as the individual or some other authorized person.
How can you tell if you might be a victim of identity theft?
Unfortunately you can be a victim of identity theft for some time before you find out. Look for the following strange occurrences, which might indicate that you have been a victim of identity theft:
- You are sent a bill addressed to you by a company for services you did not apply for;
- A bank or credit card company informs you that it received an application for credit in your name, or you have been approved or denied credit, when you did not apply for the credit;
- You no longer receive credit card statements;
- You notice that not all of your mail has been delivered lately;
- A collection agency calls about a debt you have never incurred; or
- There are changes to your credit rating.
What should you do if you suspect you are a victim of identity theft?
There are certain practical steps you can take if you think you have been a victim of identity theft. Before you start, make sure you keep a record of every step you take in reporting the crime and re-establishing your reputation and your credit record. Keep a record of all the expenses you incur while doing so. The record of your efforts and expenses may be necessary to prove to some creditors that you did not actually incur the particular debt. It will also be useful evidence if you are able to sue for recovery of your losses.
- Report the crime to the police immediately.
- Ask for a copy of the policy report so that you can provide proof of the theft to other organizations you will need to contact.
- Call your bank, credit card companies and other service providers (phone, cable, internet, utilities) to cancel your accounts and cards and get replacements. Confirm all recent activity on your accounts. Choose password for your accounts that are difficult to find out- do not use your mother’s maiden name. Ask whether any new accounts have been opened in your name. Do a follow up check on this in three months.
- Report the loss or theft of government documents to the issuing authority. Documents issued by the federal government include your passport and your Social Insurance Number. Documents issued by provincial and territorial governments include your Driver’s license and Care Card.
- Contact Canada Post to ensure your mailing address has not been changed or to correct any fraudulent changes.
- Contact PhoneBusters, the Canadian Anti-Fraud Call Centre at 1-888-495-8501.
- Contact the credit reporting agencies (Equifax or TransUnion)to have a fraud alert put onto your credit record to reflect the identity theft. Do a follow-up check three months later.
Credit reporting agencies are private businesses that provide credit grantors (such as banks and loan companies) with information about your credit records, which the grantor uses to assess your creditworthiness. Most credit grantors will not extend credit without checking your record at one or more of the credit reporting agencies.
Social networking sites
The purpose of social networking sites is to make the information in your profile available to as many people as possible, so as to create a wide network of connections. Because of that, these sites are very useful for those who want to covertly gather information about people.
Some sites restrict who can join some by limiting the users to those over 16, others by requiring a new user to show they are a member of a given community, or be invited to join by an existing user. But many sites are open to all registered users, which can include businesses, corporations, and others.
What kind of information on a social networking site could put you at risk?
Many profile registrations prompt users to include information about themselves. Information from an average profile that can expose you to risk includes:
- Your name;
- Your birthday;
- Where you were born and what city you live in now;
- Your religion;
- The schools you attend or graduated from;
- Your work history;
- Where you work now;
- Your relationship status;
- Your interests, experiences and habits; and
- What you look like.
Who can see the information on your profile?
The default privacy settings on most social networking sites allow a great deal of information to be displayed to anyone who views a profile page. This means that unless you change the default settings, you automatically agree to make all the details of your profile visible on the profile page, and available for download by any person who views the page. However, following the increased publicity over privacy on social networking sites, many customizable options are available. Check the ‘settings’ and ‘privacy’ tabs on your account to see and change your settings.
The search tools on each site differ, and some permit the general public to search the whole database. Often these searches can be very specific, filtering down to even a specific school, name, email address or postal code.
One important thing for users of these sites to remember is that whatever you post can be available for all the world to see, and people will form opinions about you based on what you post. Pictures you post on the Wall or comments you make about hating your job could come back to haunt you.
The Information from the Information and Privacy Commissioner of Ontario has provided information about how social networking sites can impact your job opportunities and how to manage your online reputation.
Social networking sites can be used for identity theft
Identity thieves can get enough information from your profile to enable them to impersonate you and use your identity information to commit other crimes.
Other types of criminals can get enough information from a profile to know, for example, your first and last name, the dates when you are away on vacation, that your house may be empty and what city you live in.
The security questions used by other sites to verify your identity can often be answered using information that can be gleaned from your social networking profile; for example your mother’s maiden name, the name of your pet, the make of your first car, the name of your street.
What about website developers, software applications and advertising?
Website developers are generally responsible for creating and managing the website. Under privacy laws an organization has a number of duties to ensure that information is kept secure, and not collected, used or disclosed without the individual’s informed consent. Often the privacy policies of these sites are vague and complex, the organizations do not get adequate consent from individuals, and they use and disclose users’ personal information to advertisers and marketers.
Third party applications
Many applications by third party software developers are given access to all the personal information in your profile when you add the application to your account. For example, Facebook permits third party developers to make their own software available on social networking sites to be downloaded by users and used on the site. The applications available include such things as games, dating applications, greeting card applications, and more.
Websites do not always have clear directions on how to opt-out, or make their process or even their instructions easy to find on their site. Sometimes the developer requires you to give access to all your personal information in order to use the application and will not allow you to opt-out at all. In some cases a third party application may get access to your friends’ personal information as well. Be aware when you download new games or cute questionnaires or other applications that you may be exposing more of your personal information than you intend, and that the developer may be mining your list of friends for personal information about others.
It is recommended that you read the policies of the developer of the application and choose new applications carefully.
Many social networking sites now sell advertising space to businesses by permitting them to target their advertising based on the detailed demographic information that is available in each profile. The advertisements will be targeted to you based on your profile, and the business will receive from the website detailed information about the number and type of users who view the ad.
Do social networking sites obey privacy laws?
In July, 2009, the Office of the Privacy Commissioner of Canada released the following findings in relation to the Facebook complaint. The case summary is here.
Excerpt from ‘Findings and Conclusions’:
- On four subjects (e.g. deception and misrepresentation, Facebook Mobile), the Assistant Commissioner found no evidence of any contravention of the Act and concluded that the allegations were not well-founded. On another four subjects (e.g. default privacy settings, advertising), the Assistant Commissioner found Facebook to be in contravention of the Act, but concluded that the allegations were well-founded and resolved on the basis of corrective measures proposed by Facebook in response to her recommendations.
- On the remaining subjects of third-party applications, account deactivation and deletion, accounts of deceased users, and non-users personal information, the Assistant Commissioner likewise found Facebook to be in contravention of the Act and concluded that the allegations were well-founded. In these four cases, there remain unresolved issues where Facebook has not yet agreed to adopt her recommendations. Most notably, regarding third-party applications, the Assistant Commissioner determined that Facebook did not have adequate safeguards in place to prevent unauthorized access by application developers to users personal information, and furthermore was not doing enough to ensure that meaningful consent was obtained from individuals for the disclosure of their personal information to application developers.
How to protect your privacy on social networking sites
- Never give out information like your birthday, full name, phone number, Social Insurance Number or address. This information is a gift for identity thieves and other criminals.
- Consider joining a closed network rather than an open one. Find out if others can see your profile without your consent and if possible change your privacy settings.
- Choose the most restrictive security settings available.
- Don’t use third party applications unless you can be sure that you can opt-out.
- Don’t expect total privacy. Read the privacy statement and policies to learn how much control the site will give you. Some sites allow all registered users to view all the information you post on your site with no exceptions.
- Most sites are subject to search warrants and other forms of legal compulsion and will make personal information available to authorities if required by law to do so.
Spam, spyware and other malware
What laws apply?
If you receive an unsolicited commercial email, you can complain to the Privacy Commissioner. Both laws require an organization to get an individual’s consent prior to collecting, using or disclosing their personal information, so spyware that does not get your consent before it operates on your computer system is in breach of those requirements. If your personal information has been collected, used or disclosed without your consent by an organization through the use of spyware you can complain to the Information and Privacy Commissioner of BC.
Consumer protection laws
Th Business Practices and Consumer Protection Act (BC) makes it illegal for any person who supplies goods or services or who solicits, advertises or promotes the supply of goods or services to do anything which could deceive or mislead a consumer. A supplier who is an individual can be fined up to $10,000 or imprisoned for up to 12 months or both. Corporations can be fined up to $100,000. A judge has the power to increase the fine in some circumstances and also has the power to order a person or company that breaks the law to pay money to the deceived consumer as compensation, if the consumer is not otherwise suing for damages.
Click here for more information on Consumer Protection.
Under the Competition Act, you can sue any company for making false or misleading representations for the purpose of promoting its business interests or its products. If you win the lawsuit, you could win a sum of money as damages. Section 52(1)(e) prohibits that type of business practice. Section 36 gives an individual the right to sue an organization for breaching s. 52(1).
You can also file a complaint with the Competition Bureau about the company, stating that it has made a false or misleading representation for the purpose of promoting its product or business interest. If you file a complaint, the Commissioner of Competition can investigate, and if he considers it appropriate, can go to court for an order requiring the company to stop. Fines may be ordered in some circumstances- see Section 74.01(1).
Click here to visit the Competition Bureau of Canada
Bringing these types of actions under these laws would be a fairly new type of claim. For that reason, and because of certain technical requirements in relation to time limits and proving your case to the standard that must be met in any civil action, it is recommended that you consult a lawyer as soon as you believe you have suffered damage from spyware and decide you might want to sue under either the Business Practices and Consumer Protection Act or the Competition Act.
- Consumer assistance is available here at the federal government’s Complaint Courier Consumer Gateway
- The Public Interest Advocacy Centre wrote an excellent report on spyware and consumer rights
- The Canadian Internet Policy and Public Interest Clinic has a useful Spyware FAQ sheet
How can you protect yourself from spam?
Never reply to spam. The simplest and most important method of protecting yourself from spam is to just delete it without opening the email. Do not open emails from sources you don’t know. If you open an email and discover it is unsolicited commercial email, do not reply.
Legitimate businesses never send emails to their customers requesting sensitive personal information. If you receive an email claiming to be from a company you have done business with and it asks you to provide personal information by email, do not reply to it.
Instead, contact the company by phone using the number listed in the phone book or on their website. Do not use any number for the company that is provided in the email (if the email is a fraud, the phone number will be too). Tell the company about the email, so they can take steps to stop the spam and warn the public.
It is very important to protect your computer by using security software and firewalls. You may also wish to have two or more email addresses: one for your trusted personal or business contacts, the other for personal email.
Online tracking: Cookies
However you can stop or disable cookies through your browser settings. Go into the ‘Tools’ menu, click on ‘Options,’ and click on the ‘Privacy’ tab. If you want to remain completely anonymous you can browse websites through programs such as Tor. It is important to note that this may impair the functionality of the website you are trying to visit- some sites do not work without cookies.
There are also different types of cookies, including persistent ID cookies which exist long after the user has left the site, and session cookies which expire when you close your browser. Secure cookies are used on ‘HTTPS’ sites and are encrypted. There are also first-party cookies, which belong to the website you are visiting, and third party cookies, which belong to a different domain but are hosted on the website you visit (content from third party domains include banner ads).
Intercepting private communications
It is also an offence to disclose private communications, and to possess equipment for the purpose of intercepting private communications except if it is permitted by a superior court judge for law enforcement purposes. A private communication includes a communication by telephone, internet, or other technology.
In certain limited situations, intercepting private communications is allowed. For example, a telephone or internet service provider is allowed to intercept private communications for the purposes of providing service, for quality control, managing the system or protecting against harm to the system.
Police may intercept a private communication without a warrant if there is an urgent risk of bodily harm. In any other situation, police or intelligence agents need a warrant and must go to a judge, and give specific information to enable the judge to exercise his or her discretion to set limits on the privacy intrusion permitted under the warrant.
Video surveillance in the private sector
In March 2008, the Privacy Commissioner of Canada, together with the Information and Privacy Commissioners of BC and Alberta issued some useful video surveillance guidelines to private sector organizations for the use of overt video surveillance.
These guidelines are not legally binding, but are the Commissioners’ recommendations for what organizations should do to make sure they follow the law. It is therefore strongly recommended that organizations subject to PIPA and PIPEDA follow these guidelines.
What does a private sector organization have to do when it uses video surveillance?
These guidelines specify that when organizations in the private sector use video surveillance, they must at minimum, comply with the requirements of PIPA (BC or Alberta) or PIPEDA.
This means they should:
- post a notice about the use of the cameras which is visible at or before the time the individual enters the premises, so that the individual may chose not to enter if they do not wish to consent to being videotaped. The organization can assume that you have consented to being videotape if you go past the notice and into the premises (this is called implied consent);
- limit the collection, use and disclosure of information collected by the video camera. This means that it should be positioned to capture images only of the area which is the object of the surveillance and not images of other areas, such as the sidewalk outside a retail shop, where images of passers-by could be captured;
- not use cameras where people have a heightened expectation of privacy, such as in washrooms or showers, and not focus them into private residences;
- ensure that the set-up of cameras does not allow employees to change or adjust the direction or focus to capture these types of images;
- ensure that the recording is used or disclosed for authorized purposes only;
- ensure that the operators are trained to understand their obligations under privacy law;
- protect the security of the information;
- ensure, when granting access, that the personal information of others which might be contained in the same recording is protected;
- keep the recording only so long as necessary to fulfil the purposes for which the information was collected and destroy it when it is no longer needed. The method of destruction should ensure that the information is obliterated so it remains secure; and
- retain the recording for a minimum of one year if it was used to make a decision about an individual, to enable the individual to request access.
Individuals whose images are captured on the recording have a right to request access to that recording under privacy laws.
Audio recording is generally not allowed. If the recording captures sound, the organization must consider the Criminal Code provisions dealing with intercepting private communications.
Organizations should have a video surveillance policy addressing the key issues discussed above. Organizations should also periodically assess their use of surveillance to ensure it meets the standard set out in the decisions of the Privacy Commissioner. That standard requires an organization to ask itself three questions: whether the surveillance is effective in addressing the problem it was introduced to deal with; whether the surveillance is minimally invasive or would a less privacy-intrusive way of addressing the problem be effective; and whether the problem still exists.
What you can do if an organization does not follow these guidelines
If you are concerned about an organization’s video surveillance activities, you can make a complaint directly to the organization. The organization is required by law to have a policy to receive and respond to complaints about its privacy practices.
Video surveillance in the public sector
And the appetite of city governments and police services for surveillance cameras is growing. The Olympics, held in Vancouver in 2010, resulted in a massive increase in the use of surveillance cameras around the Vancouver region. But the effectiveness of video surveillance in reducing crime is extremely doubtful, according to a government analysis done in the United Kingdom where there are 4.2 million surveillance cameras. The study concluded, based on a review of 22 different studies, that video surveillance reduced crime only to a small degree and was most effective at reducing vehicle crime in parking lots. Video surveillance was found to have little or no effect on crime in public transport and city centre settings.
Other forms of surveillance include municipal bylaws that require businesses to file reports to police about their customers (pawnbrokers and others have been subject to such laws); laws requiring internet service providers to disclose customer name and other information (lawful access); government policies and programs that watch people as they cross borders or engage in other lawful activities.
The key problem with these types of laws and policies is that they go around the long-standing requirement to use the courts to get a warrant for the collection of personal information by police and other agencies of government. Judges have a duty to safeguard our rights by considering whether the police have reasonable grounds to invade an individual’s privacy, based on the particular evidence in the particular case. Judges perform a very important gatekeeping function. But by putting entire communities under surveillance and re-naming it a security measure, governments avoid having to go to a judge in many cases, and they ignore their constitutional responsibilities to minimally intrude on citizens’ rights. When that happens, everyone’s privacy is threatened.
If you are concerned about a video capture incident or a surveillance site, you should direct that concern to the access and privacy contact of the public sector body responsible. For BC you may use a fillable form here to do so. If you are not satisfied with the response you receive from the public sector body, you can complain to the appropriate Commissioner in BC, or Canada.
Privacy and employment
Some privacy protection for all employees
Because circumstances and technology change, the balancing will always depend on the particular circumstances that exist at the time of the collection, use and disclosure- for example, see Wansink v. Telus Communications  4 F.C.R. 368 (F.C.A.).
Privacy laws require employers to take care when engaging in activities that involve employees’ privacy and to give advance notice to employees, minimize the amount of personal information collected, use the personal information for limited and specified purposes only, limit access to it, keep it secure and confidential, retain it for a limited period only, and dispose of it in a manner that protects its security and confidentiality.
There are a number of general principles that apply to employee privacy. The following are the key rules to remember:
- In general, each of the privacy laws are designed to permit the employer to collect an employee’s personal information without having to ask for consent if the personal information is necessary in the circumstances, for the purposes of the employment relationship or for the purposes of continuing its business operations;
- The employer can collect, use or disclose personal information for other purposes if it gets the employee’s consent;
- Even when the employer is not required to get consent, it still must give notice to the employee of the purposes for which it collects, uses and discloses personal information;
- The employer must always protect the information and limit internal sharing with other employees to a need to know basis;
- Except in a few limited circumstances, the employer must allow the employee to see the information if the employee makes a formal request for access.
These principles must always be applied by an employer in a reasonable manner. There is an overarching requirement that the purposes for the collection, use or disclosure must always be reasonable and appropriate in the circumstances.
Figuring out what is reasonable involves looking at whether the infringement of the employee’s privacy is in proportion to the employers need for the personal information: the greater the impact on employee privacy, the more important the business need has to be. For more information, see Re Agropur, Division Natrel and Teamsters Local Union No. 647 (Slotnick), 2008 CanLii 66624 (ON L.A.). For those readers interested, this grievance arbitration decision contains discussion of competing lines of authority and references numerous other arbitration cases.
Which law applies to you?
If your employer is federally regulated
The Personal Information Protection and Electronic Documents Act (Canada). (PIPEDA) applies to your employer if it is in the following industries:
- Interprovincial or international transportation (including trucking, railways and shipping);
- Nuclear energy;
- Activities related to maritime navigation and shipping (including, for example, ports and longshoring);
- Local businesses in Yukon, Nunavut, and the Territories (where all private sector activity is in federal jurisdiction);
- Band councils to the extent of their operations under the Indian Act.
PIPEDA applies to employment in these industries, as well as to employment in Federal Crown corporations bound by order under the Act. The Privacy Commissioner of Canada oversees these types of organizations throughout all of Canada.
The Privacy Commissioner also oversees all businesses in provinces without a provincial privacy law like BC’s PIPA (Saskatchewan, Manitoba, Ontario, Prince Edward Island, Nova Scotia, New Brunswick, Newfoundland and Labrador).
If you think your privacy rights have been breached by your employer and it is one of these types of organizations, you may lodge a formal complaint with the Privacy Commissioner of Canada. Before you do that, read about your rights under PIPEDA.
If your employer is a BC company or non-profit organization
The Personal Information Protection Act (BC) applies to BC companies and non-profit organizations. The Information and Privacy Commissioner of BC oversees privacy compliance by businesses and other types of organizations in BC. If you think your privacy rights have been breached, you may lodge a complaint with the Information and Privacy Commissioner of BC.
Before you do that, read about your general privacy rights under PIPA (BC) and your right to request access to your personal information.
If your employer is a BC government public body
The Freedom of Information and Protection of Privacy Act (BC) (FOIPPA) applies to employees of BC government public bodies and includes the government and a long list of agencies, boards, commissions, and regulatory agencies listed in Schedule 2 and Schedule 3. The Information and Privacy Commissioner of BC oversees public bodies’ privacy compliance. If you think your privacy rights have been breached and your employer is a BC government public body, you may lodge a complaint with the Information and Privacy Commissioner of BC.
Before you do that, read about your general privacy rights under FOIPPA and your right to request access to your personal information.
If your employer is a federal government institution
The Privacy Act) applies to federal government institutions any department or ministry of the government of Canada, a crown corporation and a long list of federal agencies, boards and commissions listed in Schedule 3. The Privacy Commissioner of Canada oversees federal government compliance with the Privacy Act. If you think your privacy rights have been breached by your employer and it is a federal government institution, you may lodge a formal complaint with the Privacy Commissioner of Canada.
Before you do that, read about your rights under the Privacy Act.
The hiring process in the private sector
The Information and Privacy Commissioner of BC has issued a set of Frequently Asked Questions on privacy rights during the hiring process.
What happens to my resume or application?
If the employer has not advertised for a position or asked for your resume, it is not required to keep a copy of your resume or application on file. If it does not want to keep the resume or application on file, it has to take care to dispose of it carefully to protect the personal information it contains, either by shredding paper or deleting electronic copies.
If the employer decides to keep the resume or application for future use, it must protect the personal information, as well as responding to your request for access to the information and telling you how it has been used and disclosed.
If it uses your resume or application to make a decision about you (including a decision to hire or not hire you) it must keep it for a year to allow you to have access to it if you request access.
What kind of information do I have to give to the employer before I’m hired?
If the employer needs the information for some other purpose, it must tell you why, what the purposes are and get your consent. You have the right to refuse.
No employer is allowed to get your Social Insurance Number before it has made the decision to hire you and offered you the job, because the SIN is legally required by an employer only for limited purposes. So you are entitled to refuse to give your SIN until you have been hired.
If your employer is an organization in BC and wishes to use your SIN to confirm your eligibility to work in Canada, it should limit itself to collecting the first three numbers of your SIN (because those numbers indicate eligibility to work). If it can confirm your eligibility by some other less-privacy intrusive means, it should do so.
What about reference checks?
By listing the names of people on your resume as references, you are giving your consent, both to the employer and to the people listed, to talk about you. To make sure the people on your list understand that you have consented to them giving a reference about you, you should tell them yourself rather than rely on the employer to tell them.
Your potential employer may also want to speak with individuals whom you have not specifically listed as references (for example, a former employer). They may do so, but must give you notice first. The individuals contacted should obtain your consent prior to disclosing information about you.
Your right to access the information about you given by your references
The information given about you by your references and others is your personal information, but your right to get access to it could be limited in certain circumstances.
If the comments given by references were intended to be confidential, you might be refused access to them, but we have not heard about a legal finding that has confirmed the issue. Until this question is settled, it is perfectly legitimate to take the position that you have a right of access to comments about you given by a reference and you can request that information.
You cannot get access to your personal information underPIPA if it would reveal the identity of an individual who provided personal information about you, and that person does not consent to being identified.
Under both PIPA and PIPEDA, you are not allowed to get access to your personal information if disclosing it to you would reveal personal information about another individual.
Under PIPEDA, which applies to certain types of employers, a third party’s opinion about you is your personal information which you may be entitled to access, unless there is a legal exception to your right of access.
Background checks, credit checks, criminal records checks, drivers abstracts
An employer has the right to request that you consent to checks such as a credit check, a background check, a criminal records check, or that you consent to providing a driver’s abstract so long as the information is necessary for the job, and the purposes for the collection of the information are reasonable and appropriate in the circumstances (for more information see Order 07-01 Finning Canada at para. 56).
You have the right to refuse to consent. The employer should tell you the consequences of your refusal so you can make an informed decision whether to consent or not.
Generally, the employer should not routinely require these types of checks to be done for all job candidates. Background, credit, criminal records checks, and drivers abstract checks should be done only if they are relevant to the position, and only if you are being seriously considered for the position, i.e. not at the initial application stage (for more information see SAS Inc., Investigation Report P2005-IR-008).
Until a commitment is made to hire you pending a clean record, these types of checks should be avoided unless they are required by law to be done at an earlier stage. In all cases, the personal information to be obtained by the check must be reasonably related to the job responsibilities and there must be no less intrusive means of getting the information. If the employer can get the information it needs using a method that is less privacy-invasive, it must do so.
Sometimes laws apply to employers requiring them to do these types of checks; for example daycares, private schools and other places serving vulnerable people must carry out background checks on their employees. The Criminal Records Review Act R.S.B.C. 1996 c. 86 requires BC government employers, including school boards, health care facilities, government and government agencies to carry out a criminal records check on employees hired to work with children, but not until after the employee is offered the job. Sometimes the employer is required under a contract to ensure that their employees are subject to one of these checks prior to hiring. In either of these cases, such checks would likely be found by a Commissioner to be reasonable and appropriate in the circumstances.
What happens to the information the employer gets in these types of checks?
All of the normal privacy rules apply to personal information obtained for background, credit or criminal records checks and for information contained in a driver’s abstract:
- The information may be used or disclosed by the employer only for the purpose for which it was collected and not for another purpose, unless the employer gets a new consent (or if it is permitted or required by law to use or disclose it a rare circumstance);
- The information must be protected and kept securely;
- You have a right to access the information; and
- If the information is used to make a decision about you, in most cases the information must be retained for a year to permit you to get access to it if you want.
A useful information booklet about criminal records checks has been published by the Ontario information and Privacy Commissioner, but it is relevant to BC. You might also want to read information from the RCMP about criminal records checks, as well as this recent report from the BC Commissioner.
Health information at work
A great deal of the rules and principles in this area have developed in the context of labour arbitrations between unionized employees and employers. The balancing is done on the basis of what information is reasonable for the employer to collect in the particular circumstances of the case. In general, the more that is required of the employer, and the greater the risk to the employee and other workers, the more personal health information the employer may be entitled to.
So for example, it is generally not considered reasonable to automatically require a doctor’s note from all employees for every sick day. But if you were returning to work after a short-term disability leave, the employer may reasonably require a certificate stating that you were fit to return to work or may, depending on the circumstances, reasonably seek more detailed information about your abilities.
If you are receiving benefits, your employer may be entitled to more information. If the job is safety-sensitive, more health information may be necessary. And at the far end of the spectrum is the duty to accommodate, in which your employer has a duty to inquire and inform itself about your disability, so that it can fulfill its duty to accommodate you. (Employers have a duty to accommodate an employee’s disability up to the point that accommodating the employee puts an undue hardship on the employer.)
In each case you can refuse to consent to give your personal health information to your employer but there may be reasonable consequences, such as being held out of service, not being accommodated, or even in certain limited circumstances being disciplined.
While each case will be decided on its specific facts, the following sections discuss some general principles for how your right to privacy may be balanced against your employers need for your health information.
- Your employer may be permitted or required to put you on paid or unpaid leave (but not impose discipline) if it cannot obtain sufficient information to ensure a safe return to work after a disability leave.
- A collective agreement or a law or regulation may give your employer limited rights to require you to see a particular doctor or provide certain types of medical information. If you refuse in these circumstances, you could be subject to discipline, depending on the language of the collective agreement, or law or regulation. See for example:
- Canadian Merchant Service Guild v. Ocean Construction Supplies Ltd. (2005), 140 L.A.C. (4th) 257.
- Grover v. National Research Council of Canada  PSLRB 150, available at http://pslrb-crtfp.gc.ca/decisions/summaries/2005-150_e.asp.
- Appeal dismissed http://decisions.fca-caf.gc.ca/en/2008/2008fca97/2008fca97.html
- Where there are reasonable grounds, your employer could ask you to undergo a medical exam, but less privacy intrusive means to obtain the information should be tried first. Examples of reasonable grounds include the following:
- When the job is safety-sensitive (see for example PIPEDA Case Summary #287)
- Where your reinstatement is contingent on an independent medical assessment
- Where specific information is necessary to administer a benefits program or to establish entitlement to benefits (see for example PIPEDA Case Summary #118)
- Where the available information is insufficient to answer legitimate and relevant questions (see for example Ontario Nurses’ Association v. St. Joseph’s Health Centre, 2005 CanLII 24239 (ON S.C.D.C.); and see PIPEDA Case Summary #118)
Information reasonable for the purpose
The employer may collect only what is reasonable for the purpose and what is reasonable will change depending on the purpose.
Your employer may require you to provide a doctor’s note for a sick day(s) if it is reasonable in the particular circumstances to do so, such as if the collective agreement deals with the issue; the employer has a reasonable policy on the issue; there is excessive absenteeism, or there is suspicion as to your truthfulness.
An employer may require you to provide a certificate specifying that you are fit to return to work after a short-term disability leave, especially if the employer is concerned about your safety or the safety of other workers. The employer could require you to give the doctor a job description or demands analysis to ensure the doctor understands the actual tasks when assessing your fitness to return to work. For more information, see Ontario Nurses’ Association v. St. Joseph’s Health Centre, 2005 CanLII 24239 (ON S.C.D.C.).
When the employer has a duty to accommodate your disability, it is reasonable for the employer to collect more information because it has a legal duty to inquire and inform itself about all relevant information about the disability, including your current medical condition, prognosis, ability to perform current duties and/or any alternative work. For more information, see Fendick v. Lakes District Maintenance Ltd.  B.C.H.R.T.D. No. 573 (QL); see also Ontario Public Service Employees Union v. Ontario (Ministry of Children and Youth Services), 2006 CanLII 17669 (ON G.S.B.)
Detailed information about your specific cognitive or physical limitations may be justified, but your employer should seek such information only after less privacy-invasive inquires have failed to provide the necessary level of knowledge required for it to meet its duties.
Information necessary for the purpose
The employer must limit the collection to the minimum amount of information that is necessary for the purpose.
Routine questionnaires or forms containing broad general questions can be unreasonable, especially when the forms are required to be completed by an employee’s doctor, as broader questions can prompt a doctor to provide more information than is necessary for the employer’s purpose. For more information, see for example Communications, Energy and Paperworkers Union of Canada Local 49 v. West Coast Energy Inc.  C.L.A.D. No 504 (QL).
Less information is necessary if less is required of the employer: for example in a return to work situation, information about your diagnosis is generally not necessary but specific information about abilities and disabilities will address the need to know what you can actually do. For more information, see West Coast Energy, above. See also PIPEDA Case Summaries #233, #235, #257.
Information about your diagnosis may be necessary in cases of long-term disability claims, or where a duty to accommodate is triggered, or where the health and safety of other workers could be affected. See for example Canadian Union of Postal Workers v. Canada Post Corp.  C.L.A.D. No. 310 (QL).
Security is very important. Personal information should be protected so that only those other employees and managers who need to know the information may see it.
It is best practice to ensure that employee health information is generally held in a file that is kept physically separate from the general employee file containing review and discipline information. Only those other employees who have a reasonable need to know the information should be able to see it.
Even if a human resources department is given your health information, it may not be necessary to provide that information to your manager, who may have a need to know only the specific information about your return to work date, your impairments or requirements for accommodation.
Employers with in-house occupational health and safety departments must ensure that health information is retained locally in that department with strict access controls to ensure the information is kept confidential.
Searches by employers
Searches are not acceptable if they are carried out randomly, or are done universally throughout the workplace, are targeted at one individual but based on circumstantial evidence or a suspicion that does not have a reasonable basis.
You might also consult an employment lawyer for legal advice through the Canadian Bar Association Lawyer Referral Service.
Video surveillance in the workplace
Covert surveillance of individual employees
An employer can only use covert (hidden) surveillance if the employee under surveillance is suspected of having breached the trust relationship between the employee and the employer by engaging in fraudulent activity (such as falsely claiming to have suffered a workplace injury).
Less privacy-intrusive ways of getting the information about a suspected fraud should be used before surveillance video is used, and the employer must limit the collection of personal information to only what is necessary to establish the fraud or breach of trust.
General surveillance in the workplace
The Privacy Commissioner of Canada has issued a number of decisions specifically about surveillance in the workplace and some principles have emerged which can be expected to be applied under most privacy laws:
It is not appropriate to use continuous or always-on surveillance if one of the purposes is to manage employee productivity. An employer should use a less privacy-invasive means of managing productivity.
Cameras may be appropriate if:
- There is a legitimate, demonstrable, operational need for cameras for security purposes;
- The cameras are going to be effective in meeting that need;
- There is no other more effective and less privacy-intrusive means of meeting that need;
- The cameras are directed at areas of access to the facility rather than on areas where employees work or where the employees have a reasonable expectation of privacy, such as washroom doors, changing areas, or lunchrooms;
- The recordings are stored for a specified, limited time and destroyed or overwritten when that time has lapsed;
- The employees are told about the surveillance, the purpose of the surveillance and the rationale for it.
Workplace policy on video surveillance
Employers should develop a policy on video surveillance prior to implementing the surveillance and the policy should include the following points:
- Clearly identified purposes for the video surveillance;
- The personal information recorded should be limited to what is necessary for the purpose, and should be used only for those purposes. The information may not be used for other purposes unless the relevant privacy law permits or requires the use (generally this would be for investigation purposes) or the individual who is in the surveillance tape gives consent;
- The information in the recordings must be kept secure, access to it should be limited and the recordings should be destroyed when they are no longer required. Any image of an employee is that employee’s personal information to which he or she would generally have a right of access (subject to any limits in the applicable law).
If you have any concerns about surveillance conducted by your employer, do the following:
- If you are comfortable doing so, you could ask the privacy officer about the surveillance;
- If you are unionized, seek assistance from your union representative and your union;
- You may also lodge a formal complaint with the Privacy Commissioner that oversees your employers.
There are very few privacy law cases so far that involve biometric information in the workplace, so there are not a lot of cases to give us a specific set of rules. But the following general requirements of privacy law for the collection, use and disclosure of personal information do give us the basic standards:
- For organizations in the private sector, the collection of employees’ biometric information must be reasonable and appropriate in the circumstances. For government bodies in BC the collection of such information must be expressly authorized under a BC law, collected for law enforcement purposes or must relate directly to and be necessary for an operating program or activity of the public body. For federal government institutionsthe collection must be directly related to an operating program or activity of the institution;
- Only the personal information necessary for the purpose should be collected, not more;
- Once collected, the employer is required to protect the personal information and keep it secure from access, use or disclosure that is unauthorized; and
- Individuals have a right to request access to their personal information and to request correction of their personal information.
In every case, the collection, use and disclosure of biometric information by a non-governmental employer must be reasonable and appropriate in the circumstances (for more on this, see Wansink v. Telus Communications Inc. (F.C.A.) 2007 FCA 21). In determining what is reasonable and appropriate in the circumstances, the following factors must be considered:
- The degree of sensitivity of the biometric information;
- How well the employer will protect the information;
- Whether the business objectives of the employer are legitimate and bona fide, and whether the biometric information is effective in meeting those objectives;
- Whether there are alternative methods of achieving the same level of security at comparable cost and with comparable operational benefits;
- The proportionality of the loss of privacy to the employees should be weighed against the employer’s costs and operational benefits, bearing in mind how well the employer protects the information.
Sometimes commissioners and arbitrators have considered how much sensitive information is revealed about the person through the biometric. So for example, when an employer decided to use a voiceprint to authenticate employees logging on to a phone system as part of their work, the Privacy Commissioner of Canada said that the use of a voiceprint was legal because the voiceprint could not be used for any other purpose, could not be used to spy on employees and because the voiceprint did not reveal much information about the employee (see PIPEDA Case Summary 281, Organization uses biometrics for authentication purposes).
An arbitrator reached a similar conclusion in a case about fingerprint biometrics. The arbitrator found that the fingerprint scan was not privacy invasive because it took less than a minute and did not involve any part of the body that is considered private. It took only half a fingerprint and immediately converted it into a series of numbers which was virtually useless for other purposes, and it provided no personal information about the employee. (For more information, see Re Agropur, Division Natrel and Teamsters Local Union No. 647 (Slotnick), 2008 CanLii 66624 (ON L.A.). For those readers interested, this arbitrator looked at a line of relevant biometrics cases decided under labour law not privacy law.)
It is early days for legal decisions about the use of biometrics in the workplace. We can expect the law to evolve in this area.
Does your employer have to get your consent?
- the biometric information is reasonably required by the employer for legitimate business purposes; and
- the employer is careful to ensure that the infringement on your privacy is minimal in relation to the employers legitimate business need.
Under PIPEDA, an employer may need to get your consent to collect your personal information for biometrics purposes. When asking for your consent the employer has a duty to tell you what the consequences would be of not consenting.
Does this mean that the employer can impose discipline if you refuse to consent?
It is unclear whether an employer is allowed to make progressive discipline a consequence of refusing to consent. It seems that the threat of discipline or of dismissal for refusing to consent might make the consent given by the employee invalid. But one of the general privacy rules is that employers are required to tell employees about the consequences of refusing or withdrawing consent to the collection of personal information. The difference between a threat of discipline or dismissal and informing the employee that a consequence might be discipline or dismissal has not yet been clearly defined by a court or a privacy commissioner (see Wansink v. Telus Communications Inc. (F.C.A.) 2007 FCA 21).
So, we can say that depending on the circumstances (including whether the employer is required by law or a contract to use surveillance or biometric data for security purposes) consent given to an employer may be valid and acceptable even if the consequences of refusal include dismissal.
Until the issue is determined in a court (or new legislation is enacted), keep in mind that so long as the employers use of biometric information is reasonable and appropriate in the circumstances, it might be allowed to impose progressive discipline up to and including dismissal if you refuse to consent.
What to do if you feel forced to consent
If you believe that you are being required to consent and you do not want to consent but feel you have no choice, you could take the following steps:
- If you are comfortable doing so, you could ask the privacy officer about the collection, use and disclosure of biometric information;
- If you are unionized, seek assistance from your union representative and your union;
- You may also lodge a formal complaint with the relevant privacy commissioner;
You might also consult an employment lawyer for legal advice.
For detailed information about how biometric systems generally work, see “How biometric systems work” published by the Canadian Internet Policy and Public Interest Clinic (CIPPIC).
Global Positioning Systems (GPS)
The impact of this type of tracking is just beginning to be considered by privacy commissioners and courts. In one case, the Privacy Commissioner of Canada examined how an organization can use GPS. While we know little about what privacy law has to say specifically when applied to GPS, it is clear that general privacy law principles will apply to how an employer collects personal information by way of GPS systems.
General requirements for GPS use by employers
General privacy law requirements are:
- For private sector employers, the collection must be reasonable and appropriate in the circumstances. For BC government employers, the collection of such information must be expressly authorized under a BC law, collected for law enforcement purposes or must relate directly to and be necessary for an operating program or activity of the public body. For federal government employers the collection must be directly related to an operating program or activity of the institution;
- Only the personal information necessary for the particular purpose should be collected, not more;
- Once collected, the organization, government body or government institution is required to protect the personal information and keep it secure from access, use or disclosure that is unauthorized;
- Individuals have a right to request access to their personal information and to request correction of their personal information.
For Information on your rights if your employer is a business, non-profit organization, a BC government body or Canadian government institution, read our ‘Definitions’ to see which law applies to you.
GPS use by businesses, non-profit organizations and associations
So far, the Privacy Commissioner of Canada has considered when the use of a GPS system by an employer is permissible under privacy law; the company involved in that case was subject to the PIPEDA (Canada). More recently, the Information and Privacy Commissioner of BC has also considered the use of GPS according to PIPA (see Order P13-01, Kone Inc; see also Order P13-02, Thyssenkrupp Elevator (Canada) Limited), and also under FOIPPA Order F13-04 https://www.oipc.bc.ca/orders/1499.
Because the privacy commissioners across Canada are trying to develop a consistent body of guidelines and rules, it is probable that the requirements developed by the Commissioners for these cases would be applied under other privacy laws. Those requirements are:
- The purpose for the collection of GPS information must be reasonable and appropriate in the circumstances;
- The employer must limit the amount of information collected to that which is necessary for the purposes identified;
- The loss of privacy should be in proportion to the benefit gained and there should be no less privacy-invasive way to achieve the purpose;
- If any information is to be used for employee management or discipline purposes, that should be clearly communicated to employees before the system is used and those purposes should be limited, exceptional and defined in advance. Acceptable uses include investigating an employee if there are reasonable grounds for concern;
- This type of information should not be used routinely in employee management situations, nor should it be used for continual monitoring of employees;
- The employer should develop a policy for GPS systems which should set out clear terms and conditions for the use of the personal information to manage employees;
- All employees should be trained to understand the policy and the system. Employees and managers who control or use the system should know their privacy obligations and how to use the information appropriately.
Generally, privacy commissioners and courts have reasoned that if, in the course of monitoring the computer systems, the employer has reasonable grounds to suspect an employee is misusing or has misused the system, the employer is entitled (and may be under a duty) to investigate further. The investigation may include direct monitoring of the employees computer use and possibly even reading the employee’s emails.
Keystroke logging, screenshots and similar surveillance tools
Keystroke logging and other detailed collection of personal information is generally considered to be particularly privacy invasive because it can capture information such as account numbers and passwords. However, depending on what online activity is suspected and the grounds for the investigation, it may be permissible for an employer to use keystroke logging or the collection of screenshots, if no less privacy-invasive method of investigation is effective.
Computer use policy required
Before doing such monitoring, the employer should develop a computer use policy which details:
- the types of activities that are prohibited (for example, visiting websites dealing with pornography, hate speech, criminal activity or downloading material from such sites);
- the nature of the monitoring or audits that are done, including whether employee productivity is monitored or assessed;
- the employer’s intention to investigate if a breach of the policy is suspected and use evidence of the employees computer use (including any relevant emails) in any discipline that may be imposed.
However, if the employer is worried mostly about reduced employee productivity because of excessive personal use of the computer systems, then less privacy-invasive methods should be used.
Surreptitious computer monitoring should not be used by an employer to catch an employee wasting company time unless the employer already tried other ways to address the problem and those efforts did not work.
What you can do if your computer use has been inappropriately monitored
If you feel that your employer has inappropriately monitored your computer use, you may do the following:
- If you are comfortable doing so, you could ask the privacy officer about the computer monitoring;
- If you are unionized, seek assistance from your union representative and your union;
- You may also lodge a formal complaint with the relevant privacy commissioner;
- You may also wish to consider whether it is appropriate to commence a lawsuit for invasion of privacy.
For more information, see the Canadian government information and technology policies and the BC government information security policies.
Privacy and the BC government
The Office of the Chief Information Officer of BC (OCIO) is responsible for the management of information and information technology in the government. The Chief Information Officer is located in the Ministry of Citizens’ Services. That Ministry is mandated to update the information technology infrastructure to enable the transformation of government service delivery in BC.
In support of these goals, the OCIO developed a strategic Information Management/Information (IM/IT) Technology Plan.
A core component of the IM/IT Plan is the intention to increase information sharing across government departments and ministries. It is argued that increased sharing and use of information will be more efficient and improve service
If you want to know more about the governments IT/IM Plan, the OCIO has issued several standards documents that describe the information technology standards that apply throughout the government and detail new strategic initiatives that are key to the transformation of government systems and infrastructure.
There are several projects which are of primary importance to the transformation of government systems in BC. Of these projects, the following appear to have obvious privacy implications:
- Identity Management
- Information Access Layer
- Integrated Case Management
- Data Warehousing and Business Intelligence Strategy
- IM/IT Strategic Infrastructure and Shared Services
Each of these projects will be briefly discussed here and in the Other Identity Projects section.
What is identity management?
Identity management is fancy language for a method of recognizing people based on specific information they provide that proves who they are and that gives them specific rights or privileges based on their identity.
Drivers’ licenses are a simple example of identity management. Drivers are identified by their license numbers and photograph and specific privileges (such as “allowed to drive on the highway”) are linked to the identifying number. The licence is proof of the person’s identity as a licensed driver, which gives you the credential entitling you to the right to drive.
Another example is your gym membership. You may carry your gym membership card with you, which identifies you as “Jane Doe, member of Exercise Gym”. Thus your “identity in that context is “Exercise Gym member” which lets you use that gym and any related facilities. The card is proof of your identity as a gym member, which gives you a credential entitling you to use services at other gyms within the same corporate or community network.
Other common identities are customer, patient, student, parent, employee, benefits recipient, taxpayer, etc. Each identity will define you in a particular context and will entitle you to certain rights (or require you to comply with certain obligations).
What is BCs identity management project all about?
The scope of the Provincial Identity Management Initiative, also known as BCeID Next Generation (BCeIDng) is, in the words of BCs Chief Information Officer, “very broad and its impact on business and technology almost universal” (IM/IT Strategic Initiatives and Infrastructure: Guidance for Procurement Staff and Solution Developers, page 3).
The purpose of the project is to create a verified electronic identity for businesses and citizens to use when interacting electronically with government agencies and services.
This project was begun several years ago when it became clear that ministries were moving independently to establish websites to permit citizens to obtain services online, and each of these websites would require individuals to use different user IDs and passwords and would permit individuals to obtain only those services offered by that ministry or agency.
It was recognized that such a system would be expensive and impractical. So the long-term goal of the initiative is the creation of a provincial infrastructure for identity management. This will involve permitting the user to access services and information electronically, by proving her identity electronically. The interoperability of systems throughout the government is necessary for identity management to function.
Why has this project been initiated?
This project has been started because the government has identified the following needs:
- Information sharing for frontline service providers: The government believes it needs to share information among the health, social services, educational and criminal justice sectors to improve how services are delivered to people.
- Information sharing for research purposes: Researchers need information from across sectors to develop and evaluate public policy. It would be easier if the information was in an interoperable and accessible form, and the government says the technology must be created to allow researchers to access the information in a secure and privacy-protecting manner.
- Information sharing for citizen self-service: Citizens can obtain more services online if there is a way of securely authenticating their identity; a way of proving that the individual is who they say they are.
The creation of this infrastructure is a long-term project of the government. Currently, most of the work in identity management is being done in B.C.s health sector. The province is using the development of the electronic health infrastructure to establish the technical standards and services for the whole system. That system is being built to support all other public service areas, including education, social services, justice and the resource sector.
What is the status of the project?
The Freedom of Information and Protection of Privacy Act was amended in the fall of 2011 to create an ID management authority, which is the Ministry of Citizens’ Services.
The actual government ID card, combining the health CareCard and the provincial drivers’ licence was rolled out in February 2013. It is NOT mandatory to take the BC Services Card when you renew your driver’s licence, although it will be offered to your several times.
However, the government was forced to conduct a consultation of British Columbians in the fall of 2013 at the urging of the Information and Privacy Commissioner.
It remains to be seen how the BC government will react in practice to the recommendations of the User Panel, especially their recommendation that the card not be mandatory.
Other identity projects
The Information Access Layer (IAL)
Another BC government initiative that is linked to the BCeIDng project is an integration project involving the e-Health Infrastructure. This integration project is called the Information Access Layer.
The Information Access Layer is a multi-million dollar project to support areas of the public service including education, social services, justice and the land and resource sector. This will be a critical layer of the government system which will enable information sharing between public sector and private sector partners for a wide range of information services.
As described in the government document IM/IT Strategic Initiatives and Infrastructure: Guidance for Procurement Staff and Solution Developers, the IAL is a set of common provincial services that enable secure and appropriate information sharing between various connected systems across multiple organizations.
The IAL has two primary objectives:
- Protected information sharing – provides a common privacy and security policy enforcement engine to enable the consistent application of privacy and security policies and enables effective management, monitoring and auditing of access.
- Systems communication – provides a common connection point with common protocols and services for all systems engaging in system-to-system information sharing.
Government can use personal information for the purposes for which it was collected or compiled or for a use consistent with that purpose, or for the many purposes for which it can be disclosed under s. 33 of the Act, including where authorized by another law. While the Commissioner has said that a consistent use has to meet certain standards of reasonableness, the government always has the option of passing a new law if it believes that it cannot meet the standards of reasonableness required by the Commissioner.
Advanced communications and collaboration
The purpose of this initiative is to give public sector workers a more efficient way of locating and sharing information between colleagues and between different ministries and agencies. The focus of this initiative appears to be on enabling the efficient creation of work products, such as setting up a web-based video conferencing service, using instant messaging when other colleagues are online, sharing and collaborating on documents in a common, secure online workspace and the like.
Integrated Case Management (ICM)
The Integrated Case Management project is part of a larger Social Service Sector Integrated Information Management Project being led by the OCIO at the Ministry of Citizens’ Services. The first component of the project to be developed is the Integrated Case Management (“ICM”) Project, which will be the foundation for further information sharing across the social services sector.
The Integrated Case Management project is focused initially in the Ministry of Housing and Social Development and the Ministry of Children and Family Development and is intended to eventually grow to link information and services delivered by the Ministries of Health Services, Education, and the Attorney General and those delivered by other provinces, governments and private sector contractors to government.
The government has indicated that it has an approximate combined total of 5,500 potential users of a Case Management System within the Ministry of Children and Family Development and the Ministry of Housing and Social Development. In addition, the government foresees extending some form of access to portions of the system to approximately 13,000 contracted service delivery providers in the broader public sector (these are agencies, professionals and others who deliver services on behalf of the province of BC). Finally, it appears that the intention is to eventually extend the Integrated Case Management system to other ministries and to outside organizations in the broader public sector.
In March of 2008, the BC government contracted with Oracle Corporation for the development and implementation of a case management system for the ICM project.
In 2012 BC’s Ministry of Children and Family Development released an Interim Assessment of Integrated Case Management. The report outlined a laundry list of weaknesses in the system, from “unclear lines of accountability across the end-to-end project life cycle,” to insufficient implementation resources and a “paucity of IT experience” among project workers. The findings confirmed many of the concerns that civil society groups have been raising since the ICM was first proposed.
Since that report there have been several shut downs of the system, some for more than a week. It is not clear that the system can be made function as intended, and the Representative for Children and Youth continues to express her dissatisfaction with the system.
BC Services Card
The ICM debacle also raises serious concerns over other government IT and identity management projects like the new B.C. Services Card, which launched in February of 2013. The BC government has launched its BC Services Card, a mandatory provincial ID card that initially combined CareCards and drivers licenses, but will potentially enable access to a range of government services. The Card will have a major effect on the way the province collects, accesses and shares often highly sensitive personal information. It is one part of BC’s wide-ranging vision for integrated identity and information management—a vision that scales and interoperates on a federal level.
The BC Civil Liberties Association prepared a report assessing some of the security and privacy risks associated with the system. The BC government held a public consultation on the Card’s implementation, which you can read more about here.
Data warehousing and hosting
The province has undertaken additional projects to rationalize their technology use. Some of these projects will necessarily involve sharing information or making systems interoperable.
One project involves identifying and assessing data warehousing and business intelligence technology that is currently in use throughout the various ministries in the BC government. This is called the Data Warehousing and Business Intelligence Strategy. A part of this assessment will involve identifying potential opportunities for sharing information or leveraging technology.
The IM/IT Strategic Infrastructure and Shared Services is a project that ensures that the data centre and hosting services in the government are centralized and comprehensive.
Some of the privacy risks of identity projects
A Warning From Those Who Have Gone Before Us In Transforming Their Services
“… the Transformation Government programme [of the UK] is unapologetic about minimizing unnecessary personal contact… [i]f citizens end up having to feed the beast by supplying ever-more information through automated channels, will the interface end up as call-centre hell but with ID cards?”
– From Database State: A Report Commissioned by the Joseph Rowntree Reforms Trust Ltd.
Some in government argue that citizens cannot get the services they require in an efficient way because the system does not have a secure electronic way of proving that the individual is who she says she is, and information about them cannot be shared between ministries and departments securely and electronically. As part of these projects, the government asserts that privacy will be protected through comprehensive safeguards. But actually protecting individual privacy is extremely challenging when systems are being built for the primary purpose of sharing, and there is not enough assessment of privacy requirements even while the systems are being built.
- There are blatant privacy risks posed by these projects, and privacy advocates are concerned that privacy is not being sufficiently addressed in this drive toward efficiency.
- When more people have access to a computer database or whole system, there are more opportunities for privacy breaches, information loss and misuse.
- And because the purpose of these projects is to enable information to be easily shared across ministries, governments and with outside contractors and service delivery providers, more people will potentially have access to an individual’s information than would ever have access today.
Now, when electronic systems are being developed for the purpose of sharing data, the inadequacies in the privacy protections available to BC and Canadian citizens has become much clearer. The fact is, the systems and databases are being built before the policies and rules have been developed to ensure the protection of personal information. This is a recipe for privacy breaches, information misuse and the growth of a surveillance society.
Further, these projects create very real new threats to individual privacy rights because the very purpose of them is to permit the exchange of information about citizens between and among government departments and ministries which may have had no pre-existing reason to share the information. This can lead to “function creep.” Function creep occurs when new purposes or functions for information are found after it is collected. There is a tendency to realise how useful information can be, for purposes we never thought of before, once we have it in our possession. This risk increases when new technologies are developed that did not exist at the time the information was collected. These projects pose a very real risk of function creep.
It is very difficult to adequately address the risk of function creep after the fact. That is why if citizens are to be sure that their privacy rights will be respected, privacy rules must be established before the information is collected.
Outsourcing and contracting
Personal Information that is in the custody or under the control of a public body is subject to FOIPPA. If a public body contracts with a private company or a non-profit organization to carry out some of its functions or deliver a service, and that company or organization actually handles the personal information, there may be a question about whether FOIPPA applies to that information.
It is not always immediately obvious which law applies when governments use private contractors or a non-profit society to provide services. Sometimes this question has to be determined by a judge or the Information and Privacy Commissioner. They will look at factors such as whether there is a contract between the third-party service provider and the public body or whether the individual or employee was creating or collecting the records for the purposes of the public body, among other factors.
Generally, when a public body contracts with a private sector organization to carry out a function of the public body, the records collected, used and disclosed by the private sector organization in the course of its duties to the public body will be covered by FOIPPA.
The Information and Privacy Commissioner of BC has said many times that a public body has a duty to ensure that personal information is kept secure, including personal information in the hands of a contractor or agent. As part of this duty the public body must use a contract to ensure that the agent or contractor uses adequate security measures.
The public body cannot escape any of its obligations under FOIPPA by using a private sector organization to carry out its functions. Similarly, the private company or non-profit cannot escape its duties under the Personal Information Protection Act, just because it does some work for the government. The company or non-profit will still have to follow the law that applies to it, even if it also has to make sure it meets the requirements in FOIPPA because of its work for the government.
The privacy protection schedule
The Privacy Protection Schedule is a standard form of contractual requirements which must be included as part of each contract between any provincial government body and any contractor that it hires, if:
- the contract involves ‘personal information’ as defined in the Freedom of Information and Protection of Privacy Act, and
- that personal information will be in the custody or under the control of the government body.
In general, the contract terms cannot be changed or amended by a ministry without the authorization of the Information Policy and Privacy Branch, Ministry of Citizens’ Services.
The Guidelines for Data Services Contracts (OIPC Guideline 01-02) are for use by public bodies that contract out the processing, storage, operation or management of computerized systems containing personal information; or services involving the collection, use or disclosure of personal information.
The Guidelines remind public bodies that the responsibility for protecting personal information cannot be contracted out and that the public body remains legally responsible for the information and for ensuring the privacy obligations imposed by the Freedom of Information and Protection of Privacy Act are followed.
This means that the pubic body has a duty to ensure that each contract includes terms requiring the service provider to comply with FOIPPA, and that it monitor and audit the contractor’s performance to ensure that the contract is enforced.
Sometimes using a contract helps to protect privacy. FOIPPA requires contractors to use reasonable protections to protect personal information. So when governments contract with, say, IT systems providers, the contractor must make sure they follow the law that would apply to the information if the IT systems were managed inside the government department rather than by a third party contractor.
But if the Privacy Protection Schedule is used with third party contractors that are providing services directly to citizens, it may not always be such a good idea. For example, a social services agency that has a contract with the Ministry of Children and Family Development to provide advocacy and educational assistance to single mothers is required by the contract to agree that the information is covered by FOIPPA. This means that the information is, potentially, more easily shared with other parts of government. When the agencies files are on paper or on a system which is not interoperable with other parts of the government, there is little chance of the information being used for new purposes. But when the social services agency is required to use a system that is part of, for example, the Integrated Access Layeror another new or proposed interoperable system of the government, FOIPPA allows the information to be more easily shared with other departments and ministries within the government.
As this section shows, the government of BC is intent upon making it easier to share all kinds of information about citizens among departments and agencies which have not had access to the information before. This is becoming a significant threat to the privacy of people in BC. The need for strong privacy laws, strict controls and citizen awareness and engagement has never been greater.
Privacy and the federal government
There are new travel restrictions, paired with “pre-screening” initiatives, requiring the collection of still more personal information and the sharing of it with the American government and new developments in the use of biometric identifiers, requiring the collection of still more personal information. All of these have been shown to have rampant inaccuracies in the data resulting in demonstrably arbitrary decision-making.
Passenger Protect Program: The Canadian No-Fly List
Under the Passenger Protect Program, commonly known as the No-Fly List, the Minister of Transport can deny boarding to any person the Minister believes poses an immediate threat to aviation security. The Aeronautics Act contains the legal authority for the program: the Minister of Transport has authority under that Act to specify an individual who is a threat to aviation security and to require airlines to provide information about the specified individual. To assist with identifying the individuals who should be on the list, Transport Canada created the Passenger Protect Advisory Group, consisting of representatives from Transport Canada, the Department of Justice, the Canadian Security Intelligence Service (CSIS), the RCMP and other relevant government departments as required.
Guidelines adopted by Transport Canada require that a person be added to the list if their actions lead to a determination that, should they be permitted to board an aircraft, the individual may pose an immediate threat to aviation security.
According to the Passenger Protect information published by Transport Canada, the following types of individuals may be found to pose an immediate threat to aviation security:
- An individual who is or has been involved in a terrorist group and who, it can reasonably be suspected, will endanger the security of any aircraft or aerodrome or the safety of the public, passengers or crew members;
- An individual who has been convicted of one or more serious and life-threatening crimes against aviation security;
- An individual who has been convicted of one or more serious and life-threatening offences and who may attack or harm an air carrier, passengers or crew members.
According to the website Watch Lists and Border Controls, in the first year of the Passenger Protect Program, Transport Canada reported approximately 100 cases of false-positive matches based on a list that is said to contain between 500 and 3,000 names.
How does the No-Fly List work?
The program works like this: the Ministry of Transport prepares a list of names of individuals who are believed to pose an immediate threat if they board an aircraft. All airlines must screen all passengers who appear to be over the age of 12 prior to boarding, by comparing their identification documents with the names on the list.
The list is given to all airlines operating in Canada to be used to screen all passengers at the check-in counter, before they board their flight. When the airline employee at check-in finds that a passengers name, date of birth and gender match with someone on the list, the airline is required to immediately inform Transport Canada. If the name of the individual is a match with someone on the list, the individual will not be able to print a boarding pass from the internet or at a kiosk and will be directed to a check-in counter. The Transport Canada officer who receives the call is required to verify the information with the airline and make a decision whether to issue an emergency direction that the individual poses an immediate threat to aviation security and should not be allowed to board the flight. For more information, see the Passenger Protect Program.
If the Transport Canada officer decides to issue the emergency direction, the officer informs the airline that the person is not allowed to board the plane. The officer also notifies the RCMP and local police. The airline then informs the person that the emergency direction has been issued. The airline may follow its own security procedures as well.
When he or she is barred from boarding the flight, the individual is given contact information for Transport Canada’s Office of Reconsideration, which receives applications from people wanting to have their names removed from the list. The government says that the No-Fly List is reviewed and refreshed at least every thirty days.
What are the privacy risks of the No-Fly List?
The Privacy Commissioner of Canada has reviewed the Passenger Protect Program and has significant concerns about it. The Commissioner has said that the Passenger Protect Program involves the secretive use of personal information. Particular problems include:
- The process for putting an individual’s name on the list is secretive and not transparent;
- Individuals are not told they are on the list until they try to board a plane;
- The process followed at the Office of Reconsideration is not set out in legislation (which is examined by Parliament) but in administrative procedures, which are internal to the organization and can be changed without Parliamentary scrutiny;
- There is risk of false positives: situations where an individual is incorrectly on the list or has the same name as another person on the list;
- There is a serious risk that the list will be shared by airlines with other airlines, and shared by Transport Canada with other governments;
- Canadians do not have a legally enforceable right of appeal;
- There is no compensation for out-of-pocket expenses or other damages for being denied boarding on the basis of the list
- Individuals have no right to be told whether they are on the list.
According to the Office of the Privacy Commissioner of Canada, Transport Canada has provided the office with no evidence showing that no-fly lists actually make us safer. For more information, see the Annual Report of the Office of the Privacy Commissioner of Canada on the Privacy Act for the period April 1, 2007- March 31, 2008.
What if you have been told you are on the No-Fly list?
If you have been prevented from boarding a flight under the Government of Canada’s Passenger Protect Program, you can apply to have your name removed from the Canadian No-Fly List.
If you were delayed or prevented from boarding a flight and you believe it was because your name had been flagged or put on a watch list but you weren’t given an Emergency Direction under the Passenger Protect Program, this site may assist you in finding out more.
If you had difficulties travelling or find that your name is on a watch list or a no-fly list you may find additional resources at Watch Lists and Border Patrols.
The Watch Lists and Border Patrols web site is a joint project of several civil liberties associations doing research on the surveillance of travellers. They are documenting the number of people who believe they have been mistakenly or unfairly targeted, and the nature of the incident. The purpose is also to investigate and generate better public understanding of the practices, programs and systems used to screen travellers at Canadian airports and at Canada/U.S. border crossings in order to assess the scope and depth of their practical impacts on privacy rights and mobility rights.
Process for removal from the List may be unconstitutional
The process involved in having an individual’s name removed from the No-Fly List does not appear to meet the requirement for due process, and may violate our constitutional rights under the Canadian Charter of Rights and Freedoms. The process is not transparent, and the individual has to provide evidence that he should be taken off the list, rather than the government having to prove he should be put on the list.
The process requires the individual to complete and submit the application form and wait for it to be reviewed by an independent advisor. Based on the report of the independent advisor, the Office of Reconsideration makes a recommendation to the Minister of Transport, who may either remove the name from the Specified Persons List, or confirm the advisor’s decision, in which case the applicant remains on the List.
The instructions on the application form for removal from the List state: explain clearly why you believe your name should not be on the Specified Persons List. Do not limit yourself to the space provided on the form if you need more space to provide a full explanation, attach a separate piece of paper. Of course, because you are not told why you have been put on the list in the first place, it will be difficult to determine which evidence, and how much evidence, will be sufficient to refute the allegation that you are an immediate danger to aviation security.
The decision of the Office of Reconsideration is final. There is no right of appeal. However, the individual may seek judicial review of the decision in the Federal Court. The process for removing yourself from the No-Fly List is a complete reversal of longstanding rights and democratic principles, including the presumption of innocence and the requirement for procedural fairness. For more information, visit the Watch Lists and Border Controls website, or the government’s Passenger Protect Program.
Options for making a complaint
If you believe that boarding was denied due to an act of discrimination, you may file a complaint with the Canadian Human Rights Commission.
If you believe that you were denied boarding under the Passenger Protect Program because of an “act or thing” allegedly done by Canadian Security Intelligence Service (CSIS), such as the collection of information or the provision of advice to Transport Canada, you may file a complaint with the Security Intelligence Review Committee under section 41 of the Canadian Security Intelligence Service Act. You should know that the committee does not have the authority to investigate any complaints relating to an “act or thing” done by any other federal department or agency, such as Transport Canada.
If you believe that boarding was denied due to conduct of the Royal Canadian Mounted Police, you may file a complaint with the Commission for Public Complaints Against the RCMP.
You may choose to pursue the matter by way of judicial review in Federal Court.
You may make a complaint to the Privacy Commissioner of Canada.
You may also wish to talk to a lawyer. For more information, use The Canadian Bar Association Lawyer Referral Service.
What is the Canada Border Services Agency (CBSA)?
In December 2003, the federal government created the Canada Border Services Agency, which reports to the Minister of Public Safety, to take over and integrate the front-line border management and enforcement activities that three organizations formerly performed:
- Customs services, previously part of the then Canada Customs and Revenue Agency (CCRA);
- Immigration services at ports of entry and most of the intelligence and enforcement programs of Citizenship and Immigration Canada (CIC);
- The Import Inspection at Ports of Entry program of the Canadian Food Inspection Agency.
Canada Border Services and Citizenship and Immigration Canada share responsibility for carrying out the Immigration and Refugee Protection Act. Citizenship and Immigration is primarily responsible for immigration policy, issuing visas, and pre-removal risk assessment, and Canada Border Services is primarily responsible for enforcing the Act.
Programs of the Canada Border Services Agency: NEXUS, CANPASS, Advance Passenger Information
Canada Border Services has instituted the following programs:
The NEXUS program – a joint venture of Canada Border Services and U.S. Customs enables people to speed their passage across the border at many air, land and marine points of entry by being ‘pre-screened’ and ‘pre-approved’ and using the NEXUS card, either in kiosks at airports, in dedicated lanes at land crossings or reporting in advance by phone at marine ports. To become a member of the NEXUS program, you must apply, meet the eligibility criteria and pass a risk assessment in both countries.
The CANPASS program uses biometric information about an individual’s iris to recognize them and enable them to enter Canada from the United States without having to stand in line at Customs and speak to a Customs agent. CANPASS is actually five programs: CANPASS Air, for use by people flying commercial flights; CANPASS Corporate Aircraft, for frequent travellers using corporate aircraft; CANPASS Private Aircraft; CANPASS Private Boats; and CANPASS Remote Area Border Crossing.
The Advance Passenger Information/Passenger Name Record program (API/PNR) – requires airlines landing in Canada to give Border Services the names of all passengers plus birth dates, gender, citizenship or nationality, travel document data, reservation and itinerary including type of ticket, date of travel and number of bags, before landing in Canada.
The Passenger Information System (PAXIS) – the API/PNR data received from air carriers for incoming flights to Canada are put into the Passenger Information System which is used by the National Risk Assessment Centre to identify high-risk passengers.
These programs, and other operating procedures of Canada Border Services, were examined in 2007 and in 2008 by the Auditor General. She found significant problems.
The audits revealed that these programs were demonstrably ineffective at properly managing or even using the vast amounts of personal information they collect about millions of law-abiding citizens, but remarkably effective at collecting it.
The 2007 audit of the Canada Border Services Agency Border Security
The audit of Canada Border Services revealed significant problems impacting the accuracy of personal information. The audit revealed that there was a low level of accuracy and reliability in the personal information collected, used and disclosed for security and intelligence purposes by the NEXUS and the API/PNR program:
- When approving applications from people for a NEXUS pass (which allows people to travel in a special lane and be fast-tracked when crossing the border into the U.S.), Canada Border Services didn’t look at the intelligence information in its own databases, thus reducing the accuracy of the assessment;
- Concerning the API/PNR data collected from airlines about passengers flying into Canada: in 2006, Canada Border Services did a study which found that 37% of the data transmitted by airlines was inaccurate.
Not to mention that, despite collecting vast amounts of data about people coming into the country, Canada Border Services could not accurately analyse the data because the Risk Assessment Centre, which identifies national security threats by analyzing advance information on arriving goods and people, does not have access to all the intelligence databases available to Canada Border Services. This will necessarily increase the chance of errors in the assessment of whether an individual is a risk, if information clearing that person of suspicion is in a database that is not available to the assessors.
Accuracy is a key privacy protection principle
Ensuring that personal information is accurate is an important principle of privacy protection. Section 6(2) of the Privacy Act requires a government institution that uses personal information to take reasonable steps to ensure that it is as accurate, complete and up-to-date as possible. If the information about people is not accurate, there is an increased risk that travellers will be incorrectly identified as security threats.
Clearly, Canada Border Services had failed to meet the standard of accuracy required by law. It agreed with all of the recommendations of the Auditor-General and undertook to take steps to improve the accuracy of the information and the ability to properly check personal information against available intelligence data. The outcome of those efforts is not currently known.
You have a right to request a copy of the API/PNR data that commercial carriers provide to the CBSA under the API/PNR program that is maintained in the CBSA’s Passenger Information System (PAXIS). You can also request that a notation be included if any of the information is incorrect.
To request access to your API/PNR data or to file a concern or correction, contact in writing:
Access to Information and Privacy Coordinator
Canada Border Services Agency
410 Laurier Avenue West, 10th Floor
Ottawa, Ontario K1A 0L8
The U.S. border patrol
This policy outlines how and why a U.S. Border Patrol Agent may search you or your belongings when you cross the border. The legal and business communities in Canada have been quite vocal in their concern, in large part because there is no protection for information that is solicitor-client privileged or confidential business information and even your laptop or phone may be seized when you cross the border.
Key facts and issues regarding this topic include:
- Border searches can be done without individualized suspicion, on any individual attempting to enter, re-enter, depart, pass through or reside in the United States.
- Agents may examine, review, analyze the information in documents, books, pamphlets, and other printed material, as well as computers, disks, hard drives, and other electronic or digital storage devices.
- Officers may detain originals or copies of documents and electronic devices for a reasonable period of time to perform a thorough search, on or off-site.
- Where there is no probable cause to keep the information detained, it will be destroyed (except that the CBP may retain documents relating to immigration matters).
- If an officer determines there is probable cause, based on a review of the documents or devices or other facts and circumstances, he or she may seize and retain the originals and/ or copies.
- Copies of documents or devices may be shared by US Border Patrol with federal, state, local and foreign law enforcement agencies to the extent consistent with applicable law and policy.
- Confidential business information can be seized, but officers are supposed to take all reasonable steps to treat any business information encountered as confidential and a trade secret, and prevent unauthorized disclosure.
- Sealed letter mail may not be opened or read unless they get a warrant or consent. But DHL, UPS, FEDEX are not considered to be mail and are therefore subject to border searches.
- Because legal materials could be subject to solicitor-client privilege, they will be exempt from seizure but can be subject to special handling: if an agent suspects that correspondence, court documents and other legal documents may be privileged and may be evidence of a crime or other issues within U.S. Border Patrol jurisdiction, he or she must seek legal advice prior to searching the document.
- Identification documents such as passports, drivers licenses, ID cards etc. can be copied for legitimate government purposes even if the border patrol agent has no suspicion that you are engaged in illegal activity.
The U.S. Border Patrol’s policy was recently challenged, and in a decision dated April 2008 and amended in July 2008, the U.S. Circuit Court said that reasonable suspicion is not needed for customs officials to search a laptop or other personal electronic storage devices at the border – Decision of U.S. court regarding reasonable suspicion.
For more information on electronic devices and your rights at the border, read the BC Civil Liberties Association Guide.
Statement of Jayson P. Ahern, Deputy Commissioner, U.S. Customs and Border Protection, Department of Homeland Security, Before The Senate Committee on the Judiciary Constitution Subcommittee, “Laptop Searches and Other Violations of Privacy Faced by Americans Returning from Overseas Travel”, Washington, DC, June 25, 2008: Laptop Searches and Other Violations of Privacy Faced by Americans Returning from Overseas Travel
See also his further comments on August 11, 2008
Searches by Canadian Border Services Officers
In fact, the Supreme Court of Canada decided in a case that the degree of personal privacy reasonably expected at border crossings is lower than in most other situations, and that people expect to be subjected to questions and inspections at border crossings because of the state’s compelling interest in protecting its borders by preventing the entry of undesirable persons and prohibited goods, and in protecting tariff revenue. For more information, see R. v. Simmons, 1988 CanLII 12 (S.C.C.); see also R. v. Monney, 1999 CanLII 678 (S.C.C.).
Because of Canada’s interest in protecting its borders, border services officers are allowed to search you at a border crossing in a situation that wouldn’t be enough to give a police officer grounds to search you anywhere in Canada. The standard of reasonable grounds is lowered at border crossings, because there are compelling reasons to allow border services officers more abilities to search people without having to show reasonable and probable grounds.
The Supreme Court has also said in a case that the Customs Act allows a customs officer to search not only on the surface of the traveller’s body for prohibited material, but also secreted or concealed within the travellers body. This permits bedpan vigils or other embarrassing methods of searching the inside of people for drugs or other contraband.
This is because the judges of the Supreme Court decided that subjecting travellers crossing the Canadian border to potential embarrassment is the price to be paid in order to achieve the necessary balance between an individual’s privacy interest and state interest in protecting the integrity of Canada’s borders from the flow of contraband materials.
Your right to counsel at a border crossing
You have a right to a lawyer when you are detained by a law enforcement officer, either a police or customs officer. This is your right to counsel under s. 10 of the Canadian Charter of Rights and Freedoms.
You do not have a right to counsel until you have been detained which means, essentially, that the police or other law enforcement official has prevented you from leaving and you reasonably believe that you have no choice but to do as instructed by the officer. Detention may be effected without the application or threat of application of physical restraint if the person concerned submits or acquiesces in the deprivation of liberty and reasonably believes that the choice to do otherwise does not exist. For further information see R. v. Therens, 1985 CanLII 29 (S.C.C.), 1985 CanLII 29 (S.C.C.), 1985 CanLII 29 (S.C.C.),  1 S.C.R. 613; R. v. Rahn, 1985 CanLII 31 (S.C.C.), 1985 CanLII 31 (S.C.C.), 1985 CanLII 31 (S.C.C.),  1 S.C.R. 659; R. v. Trask, 1985 CanLII 30 (S.C.C.), 1985 CanLII 30 (S.C.C.), 1985 CanLII 30 (S.C.C.),  1 S.C.R. 655.
The Supreme Court of Canada has said that routine questioning or luggage searching by a customs official at a border crossing is not a detention, but if you are taken aside and required to submit to extensive searching and you cannot leave, you have been detained, and your right to counsel is triggered. For more information, see Simmons v. R., 1988 CanLII 12 (S.C.C.) ; Jacoy v. R., 1988 CanLII 13 (S.C.C.)
This means that you have the right to remain silent and the right to ask for a lawyer. The customs officer will not volunteer to get you a lawyer; it is up to you to use your right by asking to speak to a lawyer. If you ask for a lawyer the customs official should give you an opportunity to use a phone to call a lawyer. You have a right to use a telephone, and to make as many phone calls as necessary for you to actually talk to a lawyer. You are not limited to one phone call.
If you are detained by a customs official in order to be personally searched, you have the right to request to be taken before the senior officer on duty for him or her to confirm whether there are reasonable grounds for the search. The senior officer has the authority to decide whether there are reasonable grounds for the search or whether you should be discharged. For more information, see Section 98(2) Customs Act, R.S.C. 1985, c. 1 (2nd Supp.)
A search of your body must be done by a person who is the same sex as you.
Although Canada Border Services does not have a written policy with respect to searches of laptops and other computers, these kinds of searches are allowed. Recently, in several court cases in Ontario, judges decided that a non-destructive search of a computer by turning it on and tapping on a few keys or using the devices own search functions to locate and inspect photo or video files is a routine border search and is no different from a routine search of luggage. See for example R. v. Leask 2008 ONCJ 25 (CanLII) and R. v. Bares 2008 CanLII 9367 (ON S.C.) in which the court said there is a significantly reduced expectation of privacy in a computer disc at a border crossing.
The law says that physical searches of luggage, computers and of the person’s body are aspects of the search process that people should expect, especially where there are grounds for suspecting that a person has made a false declaration and is transporting prohibited goods. Border services officers are not required to have reasonable and probable grounds and can search you and your possessions just because they suspect you might be lying.
What should you do to protect the security of your information?
Therefore, when you are crossing the border, your electronic devices can be turned on by border services officers and the contents searched. You can also be subject to invasive searches of the body if the officer has a reasonable suspicion that you have swallowed illegal narcotics or other contraband.
Many organizations in Canada now advise their staff not to carry any information on electronic devices they may take across the border, and where possible, to simply connect with their offices remotely. If it is not possible for you to take a clean device across the border, be aware that any information stored on your device will be accessible to a variety of agencies of the U.S. government if the device is seized. Take the minimum information necessary and leave the rest at home. See How to secure your laptop before crossing the border.
Privacy, law enforcement, and anti-terrorism
Search and seizure: The Canadian Charter of Rights and Freedoms
Individuals in Canada have a right under section 8 of the Canadian Charter of Rights and Freedoms to be free from unreasonable searches and unreasonable seizures of their property and their personal information. Section 8 says: Everyone has the right to be secure against unreasonable search or seizure.
- Although the word privacy does not appear at all in the Charter of Rights and Freedoms, from the first days of its application in the 1980s, section 8 has been interpreted as a shield against unjustified state intrusions on personal privacy (see R. v. Kang-Brown, 2008 SCC 18 at para. 8). Through a series of cases decided by the Supreme Court of Canada, this principle has been recognized as a core value of our society.
- Under section 8, individuals are not free from all searches and seizures, only those that are unreasonable, because section 8 protects a reasonable expectation of privacy.
Reasonable expectation of privacy
The guarantee of security from unreasonable search and seizure protects you when you are in circumstances in which you have a reasonable expectation of privacy. This requires a balancing of individual privacy interests against important societal interests such as preventing and detecting crime or ensuring public safety.
You do not have a reasonable expectation of privacy in all circumstances involving law enforcement investigations. Whether you have a reasonable expectation of privacy depends on a number of factors, including what is being searched, the place of the search, the investigative techniques used in the search and whether you are present during the search. It does not depend on whether you were actually involved in criminal activity (see Hunter v. Southam Inc.  2 S.C.R. 145; R. v. Edwards  1 S.C.R. 128; R. v. Tessling,  3 S.C.R. 432; see also R. v. Kang-Brown, 2008 SCC 18).
There is no protection under the Charter in circumstances where there is no reasonable expectation of privacy.
Even when you do have a reasonable expectation of privacy, police or other state investigators can still search you or your property, or can undertake surveillance of you or your communications, but in most cases they must go in front of a judge to get a warrant, and satisfy the judge that certain factors have been met, including that there are reasonable grounds for the search or surveillance.
In some exceptional circumstances the officer does not need to go in front of a judge because there are reasonable grounds to search without a warrant.
When can police search you without a warrant?
Police can search you if you are found on the premises of a place which is being searched with a warrant. Police can search you or your possessions if they have a reasonable suspicion that you have an illegal narcotic on your person. Police can search you if they have a “reasonable suspicion” based on objectively verifiable evidence that you are possibly engaged in some criminal activity. So, if the police have a reasonable suspicion that you may be carrying drugs on your person or in your bags and you are in a public place such as a bus station or a park, they are allowed to use sniffer dogs to sniff the bag and on the basis of the dogs identification are allowed to open and search the bag (see R. v. Kang-Brown, 2008 SCC 18).
In addition, where a police officer has reasonable grounds to believe that his or her safety or that of others is at risk, the officer may engage in a protective pat-down search of you when you are detained (even when you have not been put under arrest). Both the detention and the pat-down search must be conducted in a reasonable manner.
In sum, police can search you if:
- they have reasonable grounds to believe you are carrying a concealed or prohibited weapon.
- they have reasonable grounds to believe that you are carrying illegal drugs or alcohol that will be used for an illegal purpose.
- you are under arrest. Police officers are allowed to search for weapons or to preserve evidence if you have been arrested, even if they don’t have a warrant (see R. v. Golden,  3 S.C.R. 679, 2001 SCC 83, at para. 95).
- you consent to being searched.
What should you do if the police physically search you without a warrant?
You should not physically resist the search, but if you do not consent to the search, say you do not consent. If you physically resist the search there is a possibility that you could be charged with assault or obstruction.
When can police search your vehicle?
Police can search your vehicle if you give them permission, or they have a warrant, or if they find you in it committing an offence, or if they have arrested you. They can also search your vehicle if they have reasonable grounds to believe that there may be illegal drugs, alcohol or weapons in it (for example if they smell drugs or alcohol or if they see something illegal in plain view). More information on police searches.
When can police search your premises or property without a warrant?
Most searches of premises or property require a warrant, except if:
- there are exigent circumstances, such as where the police know that someone is critically injured or there is a serious threat to an individual or the public or;
- the police have authority to arrest someone who they have reason to believe is on the premises.
When is a warrant needed for police to search premises or property?
Except in the circumstances discussed above the police are required to go before a judge or justice of the peace to get a warrant before searching your premises or property.
The police must give evidence to the judge or justice of the peace to satisfy him or her that reasonable and probable grounds for the invasion of privacy exist before the search and seizure will be authorized by way of a warrant or court order.
As with other areas of privacy law, the protection of privacy is balanced against the needs of others, so where the individual’s reasonable expectation of privacy is low, the protections will be lower. Where the individual’s reasonable expectation of privacy is higher, more stringent rules will be applied. An individual’s bodily integrity and the integrity of his or her home are at the highest end of the spectrum.
In order to get a warrant the police have to swear under oath and the judge has to be satisfied that there are reasonable grounds to believe that in the place to be searched they will find evidence of an offence; or evidence that will reveal the whereabouts of a person who is believed to have committed an offence; or anything that is intended to be used for committing an offence; or any property related to an offence.
What to do if the police have a warrant to search your premises or property
If the police come to your premises or property and show you a warrant, you should check that the address is correct, that the warrant contains a description of the offence that is alleged, and that the warrant is valid for the date and time that the search is being carried out.
If you believe that the warrant permits the search, allow the police to enter and search. Do not resist or physically block them.
Although you have a right to verbally refuse the police entry if you believe the warrant is invalid, the police have a right to force entry after they have made a formal demand that the premises be opened to them on the basis of the warrant. Do not physically block the police. If the warrant is later judged to be lawful, you could be charged with obstruction.
Once the police have entered your premises, they can seize anything described in the warrant, or any other thing that they have reasonable grounds to believe has been obtained by or used in the commission of an offence. You do not have to answer questions that the police ask you. But remember that you should tell them you do not want to answer questions until you have spoken to a lawyer.
Lawful Access to email and other telecommunications
Law enforcement agencies sometimes want to be able to intercept an individual’s email or other communication, see who sent it and received it. They want to know what type of file was transmitted and what the content of the email or other communication was. They also want to be able to track the web pages the individual visited. ‘Subscriber information’, including name, IP address, email address, telephone number, cell phone number and unique number associated with the cellphone, is the information that generally is sought by these proposed laws.
However there is currently no law that requires telecommunications service providers to use a particular system or standard that permits communications to be intercepted. As a result, law enforcement agencies say that sometimes these types of interceptions are not technically easy to do. Essentially, they want the internet service providers to be required by law to enable the interception and surveillance by building specific types of systems into their networks. This type of law is referred to as a lawful access law.
There have been many efforts by lawmakers to pass laws to make it easier for police to intercept communications over the internet. Police and intelligence agencies claim that new technologies, and the growing complexity of telecommunications networks, often present obstacles to the lawful interception of communications because they can enable criminals to operate in ways that cannot be readily detected.
In fact, existing laws are enough to allow law enforcement agencies to intercept communications transmitted by new technologies. Passing a law that makes telecommunications companies build their systems to meet technical standards that are specifically designed to enable surveillance will make these private businesses agents of the state. This is inconsistent with a free and democratic society. As well, many argue that there is little evidence in support of the need for this type of new law, or that it actually helps fight terrorism or organized crime.
For further information, see an overview of the history of lawful access efforts.
Police Records Information Management Environment (PRIMEBC)
If you are arrested and charged, your personal information, including your name, fingerprints and what you are charged with, will be collected by the police and entered into its computer system. It is entered into the PRIME BC system and shared with the Canadian Police Information Centre (CPIC) which is a national information-sharing system. Each of these systems is discussed below.
The RCMP operates PRIME-BC, a British Columbia-wide computer system connecting the information from municipal police departments, the RCMP at the federal, provincial and municipal level and the Greater Vancouver Transit Authority Police Service. It provides access to information about criminals and crimes instantly to all of these police agencies.
The information on the system can be accessed by police officers from mobile units in their police cars. Files created in the mobile units are immediately accessible by the police detachment. The mobile workstations give officers access to the whole file, including mugshots, fingerprints and other digital images. Officers can create, update, browse and search a file and update and review details of court proceedings from the time charges are laid to the disposition of the case.
The mobile workstation contains a card swipe feature that allows an officer to swipe a BC drivers’ license. All the information stored on the driver’s license is instantly uploaded onto the system to create a file.
PRIME-BC integrates all police information within BC, and the information is shared out to other agencies throughout Canada using the Police Information Portal (PIP) and the Canadian Police Information Centre (CPIC). See the BC RCMP website for more information.
How to find out what information is held about you in PRIME BC
You have a right to request access to your personal information held by the RCMP, including information that may be in PRIME-BC. However, you may not be given access to all of your personal information if a legal exception to your right to get access to the information applies.
If you want to make a request for access to your personal information held in PRIME BC, that request can be made under the Federal Privacy Act. You may use a fillable form to make the request here. Or you may contact the RCMP directly.
You may also want to make the same or similar access request to your local police department; a different access law applies to your local police department than to the RCMP, so the information is managed locally. There may be similar limits on your right to see your personal information as those that apply to the RCMP, but because you will be dealing with different agencies, making the request may be worth a try. For more information, see the Vancouver Police Department’s Freedom of Information and Privacy website, or the Victoria Police Department’s Freedom of Information and Privacy website.
The Anti-Terrorism Act
The Anti-Terrorism Act (ATA) became law in 2001. It amended the Criminal Code to create new terrorism offences and to give police and intelligence agencies new powers to obtain electronic search warrants and to hold investigative hearings and impose recognizance with conditions. The ATA also changed the National Defence Act to allow Canadian intelligence agencies to intercept communications of Canadians in Canada (essentially to allow spying on Canadians), and amended other laws to allow the Attorney General to prevent the disclosure of information on the grounds of national security.
The Anti-Terrorism Act makes it an offence to commit a terrorist act or to be a member of a terrorist group or provide support to a terrorist group. Here is a Government list of the terrorist groups it is illegal to be a member of or support.
Support to a terrorist group includes financial donations. If you provide financial support to a terrorist group you could be arrested and charged.
The investigative hearings and recognizance with conditions portions of the Anti-Terrorism Act expired on March 1, 2007. But on March 12, 2009 the federal government introduced Bill C-19 which would reinstate both investigative hearings and recognizance with conditions.
An investigative hearing is a hearing in which a particular individual can be required to answer questions from a judge and is not allowed to refuse to answer. If you were summoned to give evidence at an investigative hearing, you would not have the right to remain silent, but your evidence could not be used against you except in a trial for perjury (lying under oath).
The reinstatement of recognizance with conditions would allow a peace officer to arrest you if they believe you are about to commit a terrorist act, and bring you to court within 24 hours. At court, the judge could order you to be held in jail for up to three days or could order that you be released so long as you promised to obey certain conditions. The judge could also order that you be released altogether. You would not be charged with any offence, and you would not be tried. If you refused to accept the conditions imposed by a judge, you could be jailed for up to a year.
The bill reached second reading stage in the House of Commons in June 2009 and died on the Order Paper when Parliament was prorogued on 30 December 2009. However similar provisions were introduced in Bill C-17in 2010, and then again in Bill S-7in 2012, which passed both houses and received Royal Assent April 25, 2013.
What to do if you are arrested or detained for anti-terrorism purposes
If you are arrested for anti-terrorism purposes, even if you believe you have done nothing wrong, you should immediately ask for a lawyer. Do not resist the officers, but assert your right to speak to a lawyer as soon as possible.
If you are brought before a court and required to give evidence about a suspected terrorist act, you will have a right to a lawyer, but you will not have a right to remain silent, although the evidence you give cannot be used against you later except in a trial for perjury (lying under oath).
Criticisms of the Anti-Terrorism Act
The Anti-Terrorism Act made changes to a lot of other laws with the result that individual privacy rights in Canada suffered. The ATA made it easier for law enforcement and national security agencies to obtain electronic surveillance warrants, gave the Canadian Security Establishment Canada (CSEC) the power to intercept Canadian communications, when such communications are one end of a network located overseas. It weakened independent and judicial oversight of the surveillance activities of law enforcement and security and intelligence organizations. It added to the secrecy surrounding legal proceedings, contrary to fundamental constitutional principles that courts are open to the public, and that individuals are entitled to know the charges and the evidence against them.
By making changes to many different laws, the Anti-Terrorism Act created a structure of privacy-invasive law enforcement techniques that undermine privacy rights and freedoms from many directions, and take Canada further toward a surveillance society.
For more information about your rights under the Anti-Terrorism Act, read the Anti-Terrorist Legislation chapter of the BCCLA’s Arrest Handbook. See also The Canadian Bar Association Lawyer Referral Service and a list of legal aid clinics in BC
Proceeds of Crime (Money Laundering) and Terrorist Financing Act
The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) requires certain types of businesses to file reports about certain types of transactions to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), which reviews the reports to determine whether the transaction might involve criminal or terrorist activity financing.
FINTRAC gives law enforcement agencies financial intelligence that is relevant to the investigation or prosecution of money laundering offences and terrorist activity financing offences. It also gives CSIS financial intelligence that is relevant to threats to the security of Canada.
Financial institutions; insurance companies, brokers and agents; accountants; securities dealers; casinos; real estate brokers, agents and developers; money services and remittances businesses; dealers in precious metals and stones; and notaries in BC are all required to report to FINTRAC.
These businesses are required by law to collect detailed and specific information about their clients and their transactions, maintain detailed records, report all transactions over $10,000 and report any transaction if they have reasonable grounds to suspect a money laundering or terrorist financing offence is going on.
These reports are made without the client’s knowledge. Up to $2 million in fines or up to five years in prison can be imposed on businesses or business people who fail to file the reports.
Requirement for proof of identity
Before these businesses carry out or attempt to carry out the transaction, they must confirm the client’s identity. For this reason they have to require the client to show at least one of a number of different types of identity documents. These include a birth certificate, a current driver’s license, a Canadian or foreign passport, a record of landing, a permanent resident card, a certificate of Indian status, a territorial ID card or other similar document.
The document must be valid, must have a unique identifying number (such as a license number or passport number) and cannot have expired.
The document used to prove the client’s identity must be original. The businesses are not allowed to rely on copies of documents.
If the business concludes that the transaction is a reportable transaction, they must file one or more of several different types of reports: Suspicious Transaction Reports, Large Cash Transaction Reports, Terrorist Property Reports and Electronic Funds Transfer Reports.
Suspicious transaction reports
Suspicious Transaction Reports must be filed when there are reasonable grounds to suspect that the transaction is related to money laundering or terrorist financing. What the reasonable grounds are will vary depending on the business and what is normal in the particular industry. There is no minimum amount of value for a transaction to be reported to FINTRAC. The key is whether the reporting business has reasonable grounds in the circumstances to believe that the transaction may be associated with money laundering or terrorist financing.
Terrorist Property Reports must be filed when the business knows or believes that it has property in its possession or control that is owned or controlled by or on behalf of a terrorist or terrorist group. Large Cash Transactions reports must be filed about all transactions involving more than $10,000 received in cash. Electronic Funds Transfers reports must be filed by casinos, financial entities and money services and remittance businesses, when the business sends or receives international electronic funds transfers of $10,000 or more.
Detailed personal information to be included in the reports
FINTRAC encourages the reporting businesses to give it as much personal information about their clients as possible. It appears that there are no limits on the amount or type of information that FINTRAC will accept, and the reports can include a wide range of personal information about the client, his or her friends and associates, the client’s behaviour, and the impressions and opinions of the reporting business about the client’s behaviour.
FINTRAC specifically suggests that the reports could include details about the indicators the reporting business observed that caused it to be suspicious and why the indicators are suspicious given the nature of the industry the reporting business is in; information about the client including known aliases or associates; and information about other connected transactions if they are also being reported.
Politically exposed foreign persons
Some reporting businesses also have to determine whether the client is a politically exposed foreign person or their family member (these are financial entities, securities dealers, money services and remittances businesses and life insurance companies, brokers and agents). A politically exposed foreign person is an individual who holds or has ever held one of the following offices or positions in or on behalf of a foreign country:
- a head of state or government;
- a member of the executive council of government or member of a legislature;
- a deputy minister (or equivalent);
- an ambassador or an ambassador’s attach or counsellor;
- a military general (or higher rank);
- a president of a state owned company or bank;
- a head of a government agency;
- a judge; or
- a leader or president of a political party in a legislature;
- the holder of any office or position listed in the regulations enacted under the PCMLTFA.
A politically exposed foreign person is also these family members of the individual described above:
- mother or father;
- spouse or common law partner;
- spouse’s or common law partner’s mother or father
- brother, sister, half-brother or half-sister (that is, any other child of the individual’s mother or father).
An individual or family member described above is a politically exposed foreign person regardless of their citizenship, residence status or birth place. If the person is a politically exposed foreign person, their accounts and transactions must be more closely monitored on an ongoing basis to detect suspicious transactions. This requirement to report on people based solely on the job they hold or the job held by a family member is extremely broad and privacy-invasive.
FINTRAC analyzes all the information provided in the reports together with information it gets from other sources such as data brokers, law enforcement and other federal agencies. It can give the information to law enforcement, the Canada Revenue Agency (in cases which include tax matters), CSIS, Canada Border Services, Citizenship and Immigration Canada (in cases which include immigration matters) or other government bodies if there are reasonable grounds to suspect that the information would be relevant to investigating or prosecuting a money laundering or terrorist financing offence.
Serious privacy rights concerns with these reporting requirements to FINTRAC
These reporting requirements pose significant risks to privacy rights because businesses are required to act as de facto agents of the state, collecting information solely for the purposes of reporting it, and making independent judgments about the suspiciousness of their clients and their transactions. These reporting requirements give governments a great deal of personal information for investigatory purposes without requiring the government to get a warrant or show reasonable grounds to get the information. And the information can be retained for a long period as much as 15 years in some cases.
FINTRAC also has enforcement power and can impose penalties and fines, so there is a risk that businesses wanting to avoid the chance of high penalties will report even more than is necessary.
Critics have argued that the large number and type of businesses that are required to file these reports is far more than necessary to address money laundering and terrorist financing, and will inevitably capture millions of innocent transactions and people. The requirement to report on politically exposed foreign persons is potentially unconstitutional in that it may infringe the equality rights of individuals who are captured by the definition.
In addition, the law was originally intended to deal with money laundering and terrorist financing, but FINTRAC is allowed to give the information to the Canada Revenue Agency if it believes the information may also be evidence of a tax fraud or evasion; to Canada Border Services if it believes the information may be used to investigate immigration fraud, avoidance or duties or smuggling; or to the Communications Security Establishment for purposes of surveillance.
All of these privacy-invasive measures have been introduced without much evidence showing that they are necessary. There is little publicly available evidence about the size or scope of money laundering and terrorist financing problems in Canada, and little evidence to show that these measures are needed or even if they work.
Privacy of personal health information
BC's health system and your privacy
In the health sector in British Columbia there are two privacy laws which apply the Freedom of Information and Protection of Privacy Act (FOIPPA) applies to government bodies including hospitals, health authorities and clinics; and the Personal Information Protection Act (PIPA) applies to the private sector offices of doctors and other health care professionals, and to private clinics and labs. Both of these privacy laws require that:
- your personal health information be kept confidential and secure from unauthorized access, use, disclosure, modification or destruction;
- you can get access to your personal health information upon request;
- you can request that your personal health information be corrected.
You also have the right to consent or to refuse consent to whether your personal health information is collected, used and disclosed when your doctor or other health care professional is giving you treatment or care.
In most cases you will not be asked for your consent when you are seen by a health professional for treatment or care (except perhaps at an initial visit when you fill out forms to be kept in your file), or when it is sent to another doctor you’ve been referred to, because your consent is assumed.
You must give specific instructions to your health care provider if you do not want your personal health information shared with others, or if you want to make sure it is not seen by a particular person.
These consent rights are threatened by new technological developments and by new laws.
You do not have any consent rights when your personal health information is collected, used or disclosed for health system management or administrative purposes (such as for the provincial insurance plan, or investigations into medical error, or for public health purposes), nor when your personal health information is made anonymous and then used for research purposes. You do not have a right to refuse to have your prescription information put into the PharmaNet system.
You do have a right to make a complaint to the Information and Privacy Commissioner of BC if you believe that your rights under either privacy law have been infringed. Generally it is recommended that you first go to the doctor or organization and try to work out your complaint directly. If that fails, then you may make a complaint to the Information and Privacy Commissioner. It is a good idea to know which privacy law applies in your circumstances, and the Privacy Commissioners office will provide you with some assistance, if you are not sure which law applies.
Find out which law applies to your situation.
How to make a complaint under PIPA or FOIPPA.
More information from the Office of the Information and Privacy Commissioner
Right to access your record in your doctor’s or other health provider’s office
You have a right to see the information in the record your doctor (or other health care provider) keeps about you. The information in the record is yours, although the records the actual documents belong to the provider and the law requires him or her to keep the records. In general, your doctor or other provider cannot refuse to let you see the information in your file, except if she or he believes that letting you see it might put you or somebody else at risk.
The simplest thing to do is simply to ask to see your records. Your provider will probably give you a chance to look at them without you having to make a formal request for access under the Personal Information Protection Act (PIPA). You should be given a copy if you ask for it. You may be asked to pay a fee for this service, which is allowed under the law. This is not paid by health insurance.
You may want to make your request more formally, so that, in case it becomes necessary, you can rely on all your rights under PIPA. In order to do that, you must make your request in writing and mail or deliver it to the health care provider. Click here for a form requesting personal information in the private sector.
In certain rare circumstances, your health care provider may refuse to let you see all of your medical record. This is because PIPA makes it unlawful to give you access to your personal information in three circumstances:
- if there is a health or safety risk in giving you the information;
- if doing so would reveal another individuals personal information; or
- if giving access would reveal the identity of someone who gave an opinion about you and the opinion-giver has not consented to his or her identity being disclosed.
Your request for access should not be refused unless your provider believes that one of these circumstances applies. If that happens, and you cannot solve the problem with your doctor, try calling the Ethics Department of the College of Physicians and Surgeons of BC at 604.733.7758 in Vancouver, and 1.800.461.3008 outside of Vancouver.
Outside of Victoria, call Enquiry BC and ask for the Office of the Information and Privacy Commissioner. The number for Enquiry BC in the Lower Mainland is 604.660.2421; from anywhere else in BC call 1.800.663.7867.
Access to your health information in the electronic healthrecords system
The province of BC uses an electronic health records system, or e-Health, which is a province-wide system for storing every citizen’s medical information and making it accessible from anywhere in the province. Every citizen will have his or her own personal electronic health record or EHR. If you want access to your EHR, you should be able to make a request through the Ministry of Health Services, under the Freedom of Information and Protection of Privacy Act (FOIPPA).
The law also requires your doctor to make sure the information in your medical records are accurate and complete and up-to-date. If you think your doctor made a mistake in your medical records, you have a right to ask him or her to correct it. The doctor will not make the correction, but will make a note of your request on the document you want corrected. This is because other laws do not allow a doctor to change a medical record. If your doctor requires you to make a formal request, you may wish to rely on PIPA as the authority for your request.
Your doctor should have a system in place to protect the privacy of your health information. You still should be able to get a copy of your medical record when you ask for it. Your doctor may ask you to fill out a form. Click here for information from the BC Medical Association about what doctors have to do to obey the privacy law.
Right to access your records in a hospital or other government facility
You have a right to get access to your medical records that are in a hospital, clinic or care facility that is operated by the government, or in the Electronic Health Record (EHR) system. Your right is limited when there is a legal reason that the information in the record should not be given to you.
You have to make a request for access to personal health information by sending a form to the Access and Privacy Office of the health authority that operates the hospital.
Figuring out where to send your request can be tricky. Although one way to find out where to send your request is to look on the website of the health authority or facility, some hospitals and health authorities do not post a link on their website to their Access and Privacy Office or give any instructions on how to request access from them.
If you find that you cannot easily figure out how to request access from the hospital or facility, simply call the corporate office or general inquiries telephone line and ask to speak with the Freedom of Information Officer.
To find out how to get access to records from the following health authorities, click on the relevant link:
Vancouver Island Health Authority Information Stewardship, Access & Privacy
1952 Bay Street, Victoria BC V8R 1J8
There are no links to an Information and Privacy page on either of the websites of the Northern Health Authority or Fraser Health Authority; however their contact information is listed below.
Contact information for Fraser Health Authority
300, 10334 – 152A Street
Surrey BC V3R 7P8
Phone: 1-877-935-5669 or 604-587-4600
Fax: 604-587-4666 Web: http://www.fraserhealth.ca
Contact information for Northern Health Authority
Northern Health- Corporate Office
Suite 600, 299 Victoria Street
Prince George, British Columbia, Canada V2L 5B8
Phone: (250) 565-2649, Fax: (250) 565-2640, Web: http://www.northernhealth.ca/
Northern Health is split into three operational areas: the Northeast, Northern Interior, and Northwest. To contact the health centres in specific communities, please click on the links below.
Northeast: Chetwynd; Dawson Creek and Pouce Coupe; Hudsons Hope; Fort Nelson; Fort St. John; Tumbler Ridge
Northern Interior: Burns Lake, Fort St. James, Fraser Lake, Granisle, Mackenzie, McBride, Prince George, Quesnel, Valemount, Vanderhoof
Northwest: Atlin, Dease Lake, Houston, Hazelton; Masset, Kitimat, Port Clements, Prince Rupert, Smithers, Stewart, Terrace, the Village of Queen Charlotte
Electronic health records and E-Health systems in BC
While the Province says that patient privacy is of major importance, and that the system has many privacy-protective features built in, including firewalls and role-based access, in fact it appears that the systems were built before the privacy rules were properly defined. This has raised very serious concerns among privacy advocates. For further information from the government, see e-health.
The Legal Framework for e-Health in BC
In 2008, BCs E-Health (Personal Health Information Access and Protection of Privacy) Act was enacted to support the development of the e-Health system.
Under the e-Health Act, the Minister can designate any health database in the public system as a Health Information Bank (a HIB) and require it to be filled with information from doctors, other health care providers, labs and others in the broader health care system. To date only the the Provincial Laboratory Information System or “PLIS” has been designated as a HIB. PLIS holds all diagnostic laboratory test results done in BC, and is intended to provide simple and quick access for authorized health care providers to an individual’s lab test results, and also enable the collection of laboratory information for the purpose of analyzing and managing chronic disease in BC. A HIB can be created only for one or more of the following purposes: to identify an individual who needs or is receiving health services; to provide or facilitate the provision of health services to a patient; to identify providers; for chronic disease management; to facilitate health insurance and billing; and for public health, planning, maintenance and research purposes.
Under the e-Health Act, the administrator of the Health Information Bank is given the power to request any person to provide information or records containing personal health information to the HIB. The person must comply with the request, unless another law prohibits them from disclosing the information.
So, one of the major reasons for the legislation is to enable the government to create large data banks of health information about identifiable individuals, and to allow the Ministry to require personal health information to be disclosed to these data banks, except where disclosure is prohibited by law.
The e-Health Act gives individuals a right of access to their information held in a health information database except this part of the law is not in force. It is not known when, if ever, the access provisions of the law will be in force.
The e-Health Act gives individuals a limited right to impose a ‘disclosure directive’ on their health information to limit to whom the information may be disclosed. Once your information is in your EHR, some parts of it can flow through the system, and be accessible to other HIBs, unless you use your right to put a disclosure directive on your personal health information.
A ‘disclosure directive’ is an instruction by you about whether or not your information can be disclosed, or to whom, or for what purpose, that is attached to your EHR in a particular HIB. While this sounds like a positive step to protect patient privacy, what the law requires in order for individuals to put disclosure directives on their personal health information will probably result in very few individuals actually using this right.
The e-Health Act requires that the patient must make the disclosure directive in the way that is required by the order that established the particular HIB. So this means that the individual must find out what the order requires. The disclosure directive will not take effect until it is “activated” in the relevant HIB. It is not clear what activated means.
To find out what the order designating a HIB requires, the individual must find the order in the BC Gazette. When a HIB is designated, an announcement will be put into the Gazette, the government publication that announces new regulations, orders-in-council and other similar types of government business. The Gazette is available online, and at public libraries. Critics point out that the Gazette virtually never comes to the notice of the average citizen, so that publishing the information in the Gazette is not the same thing as publicizing the information in the media. Rather, the information published in the Gazette is available for the citizen who knows to go looking for it and chooses to do so. The citizen must keep up to date on the orders which designate new health information banks, by ensuring that they regularly check the Gazette.
You do have the right to limit who can gain access to health information contained in a HIB by using a disclosure directive.
A ‘disclosure directive’ is an instruction by you about whether or not your information can be disclosed, or to whom, or for what purpose, that is attached to your EHR file in a particular health information bank.
There are a few steps involved in putting a disclosure directive on the information in a health information bank. You must download the form from the Ministry of Health website or call Health Insurance BC at 604-683-7151 in the Lower Mainland or elsewhere in BC: 1-800-663-7100. If you call, a representative on the helpline can answer any questions you may have.
Mail the completed form to:
Disclosure Directive Service
PO Box 9688 Stn Prov Govt
Victoria, BC V8W 9P8
And finally, the e-Health Act permits HIBs to be created that are exempt from disclosure directives, or that limit the types of disclosure directives that can apply or the classes of people that can make disclosure directives. So there is no guarantee that individuals will even have the right, in all cases, to make a disclosure directive.
How to opt out of e-Health
If you do not want your personal health information being disclosed to a Health Information Bank (HIB), it appears that the simplest way is to tell your doctor in writing. While this will not ensure that all your health information in the system will remain confidential, it will protect the information that comes from your medical record in your Doctor’s office.
It is not known how prescription information can be protected from disclosure in e-Health. Currently you can protect your PharmaNet patient record with a keyword, but cannot opt-out of the records system. When PharmaNet is incorporated into e-Health, it is unclear if the key word system will still operate or some other means of disclosure directive will be available.
Disclosure for research purposes
The e-Health Act includes detailed sections for how and when personal health information can be disclosed for a research purpose and provides for the creation of a data stewardship committee to oversee the disclosure of personal health information from a health information bank for a planning or research purpose. The data stewardship committee is solely responsible for managing the disclosure of personal health information contained in a HIB or a ministry database, when the disclosure is for a planning or research purpose. The data stewardship committee consists of twelve people, with representatives from the College of Physicians and Surgeons of BC, the colleges of pharmacists and of nursing, representatives of the Ministry of Health Services and of health authorities, a health researcher and three members of the general public.
Disclosure of personal health information from a HIB for research purposes can only be done if the disclosure is authorized under the terms of the designation order and certain other requirements are met, including:
- the health research cannot reasonably be accomplished without the personal health information;
- it will not be used to contact individuals to ask them to participate in the research unless the Information and Privacy Commissioner approves;
- if the research involves record linkage (linking records from different sources to find out new information about individuals) the linkage is not harmful to the individual and is clearly in the public interest;
- the data stewardship committee has to impose conditions relating to security and confidentiality and the removal of individual identifiers at the earliest reasonable time (to render the information de-identified or anonymous);
- the personal health information cannot be subsequently used or disclosed without the express authorization of the data stewardship committee.
Depending on the type of information and whether the HIB includes the right to use disclosure directives, you may have a right to limit how your information will be used for research. However, if the information isde-identified you will not have the same rights, because it is no longer personal health information, since it does not identify an individual.
Given the amount of research done in the province of BC (we have three major research universities plus many smaller institutions) and the desire of researchers to use personal health information in the research, critics have questioned whether one committee of twelve people will have sufficient capacity to address the number of requests it may receive.
Electronic Medical Records (EMR)
The BC government has entered into an agreement with the BC Medical Association to fund the Physician Information Technology Office (PITO), which provides financial and technical assistance to doctors who agree to use specified software companies and off-site storage systems linked to the provinces iEHR system, and who agree to have their patients information automatically uploaded to the EHR system.
The information to be uploaded by the BC government from the doctor’s electronic medical record to the province-wide iEHR is referred to as the Core Data Set. Each identified individual patient’s Core Data Set includes:
- demographic information;
- current conditions;
- past medical and surgical history;
- current medications;
- advance directives;
- most recent and critical diagnostic data.
The Core Data Set may include the patient’s most sensitive and revealing personal health information. And once the systems are built, extraction of the patients personal health information from the physicians EMR to the province-wide iEHR will be automatic, and done on a routine basis.
Interoperable Electronic Health Records (iEHR)
The primary purpose of the iEHR system is to make patient data accessible to other health care providers such as other doctors, therapists, pharmacists, physiotherapists and dieticians. The government of BC says that a health provider’s access rights will be based on their role, but it seems clear that they all could have access to the Core Data Set.
The other main purpose of creating the iEHR system is to enable more efficient healthcare system planning. For this purpose, aggregated (e.g. compiled and anonymous) information from individual health records will be used to analyze how the whole health system is being used, to better understand health outcomes for people and minimize costs to the system. In addition, the iEHR will facilitate the gathering and distribution of health information to researchers for research purposes.
Can you refuse to have your medical records go into the iEHR?
If your doctor is in private practice, you have the right to tell your doctor that you do not consent to your medical information in his file being disclosed to the Interoperable Electronic Health Record (iEHR), and your doctor has to follow that instruction.
Already, health authorities often use large centralized systems, and if you see a physician at a clinic, or get a test done at a laboratory or imaging centre operated by a health authority, you do not currently have the right to tell the health authority that it cannot keep your medical information in its systems. This is because physicians are required to keep a record of their consultations and treatments, and health authorities also must follow this requirement. Even this more limited disclosure into a shared record system within a health authority can be a privacy concern for some patients.
You can put a disclosure directive on your health record, to limit who will have access to your records or see certain parts of the information.
You do not have the right to refuse to have your prescription information put into PharmaNet and from there into the iEHR. This is because the province passed a law requiring that all prescription information must be put into PharmaNet.
You do have the right to tell private labs and private imaging centres that you do not want your information disclosed to the province’s iEHR system.
Pharmacists and PharmaNet
This network contains confidential personal profiles of everyone who has obtained prescription medications from a pharmacy in BC, whether dispensed in a community pharmacy or hospital outpatient pharmacy. This means PharmaNet tracks your entire prescription history, regardless of where you get your prescription filled in BC.
Each time a prescription is filled, a drug interaction check is done, and a claim is sent to PharmaCare to determine how much the patient must pay and how much is covered by PharmaCare. Hospital emergency departments and medical practices use PharmaNet to access patient medication profiles. Mental health facilities also have access.
It is a good idea to check your PharmaNet record from time to time to ensure that it is accurate, as, like anything else, computer glitches or human error can result in errors in your file.
The eDrug Project is one of the province of BC’s current Electronic Health Record (EHR) projects. It involves upgrading the existing PharmaNet system and integrating with BCs electronic health record as it comes online.
How do you limit who can see your PharmaNet patient record?
If you want to limit who can see your patient record, you can put a keyword onto it. Then your patient record will be accessible only to the pharmacy that knows your keyword. Your keyword will be needed each time you want to fill your prescription, including to refill the same prescription. It is also needed when you request information about your prescriptions, and every time a physician requests information from your patient record on your behalf, including your own doctor.
If you want to ensure that no one can get access without your express permission, you do not have to give any pharmacy or pharmacist your keyword. You control who can keep it on file. For example, you can give your keyword to your local pharmacist to keep, so only he (and any assistants) can access your PharmaNet patient record without having to ask you every time. If you want to use a different pharmacy you must remember your keyword so you can give it to that new pharmacist for that one-time use.
How do you put a keyword on your PharmaNet patient record?
Putting a keyword on your patient record is simple. It is done at your local pharmacy by your pharmacist. You simply tell him or her you want to put a keyword on your patient record, and the pharmacist will put it on, after your identity has been verified and you have chosen your own keyword. Your local pharmacist might want to keep a record of your keyword to enable access your file to fill your prescriptions, but you must give your consent first.
Unless the pharmacist has known you personally for more than two years, you have to show government-issued identification to prove your identity.
If you forget your keyword, you can ask your pharmacist to call the PharmaNet Help Desk, which will, on your instructions, delete your keyword and allow the pharmacist to access your patient record. You have to provide government-issued identification to the pharmacist before this is done.
You can put a new keyword on your patient record after your prescription is filled. You can change your keyword only once in any 24 hour period.
If you are in the emergency ward and are unable to give your keyword to the emergency staff, they can call the PharmaNet Helpdesk and have the keyword removed, so they can see what medication you are taking.
Some pharmacists may not be familiar with how to put a keyword on a patient record. You may wish to tell them about the instructions available on the College of Pharmacists website or simply print them out and take them with you to the pharmacy.
How do you get access to your PharmaNet patient record?
It is a good idea to check your patient record from time to time to make sure it is accurate. This link at the College of Pharmacists of BC will explain how to obtain your PharmaNet Patient Record.