Data Protection in the Private Sector - Options for a Uniform Statute 1996

1996 Ottawa, ON

Civil Section Documents - Data Protection in the Private Sector: Options for a Uniform Statute

On Monday, August 12, 1996, the ULCC Civil Section approved the recommendations contained in the paper prepared by Tom McMahon and presented to the ULCC. The ULCC recommended that a uniform statute for regulating how the private sector handles personal information should be drafted and presented to the 1997 ULC conference, incorporating the recommendations of the paper presented at the 1996 conference.

The recommendations in the paper accepted at the 1996 conference were that the draft statute should:

  • apply equally to all businesses and non-government organizations, regardless of the size or type of activity;
  • treat all personal information the same way, regardless of the different sensitivity of some information;
  • be based on established data protection principles such as those found in the Canadian Standards Association Model Code for the Protection of Personal Information;
  • establish an administrative mechanism to oversee the implementation of the law (such as existing data protection commissions);
  • provide the data protection commission with the power to educate the public about data protection in the private sector; investigate and mediate complaints, but only after the company complaint process has been tried first (assuming there is a company complaint process and that the process has clear and short timelines, but allow for exceptional cases where a complaint could go directly to the Commission);
  • allow the Commission to publish the names of companies that do not comply with the data protection law; and
  • include an offence provision for violation of the law.

More consultation should occur on the questions of:

  1. how the uniform law would integrate with standards organizations that provide registration of data protection practices pursuant to the CSA Code; and
  2. what is the most appropriate adjudication model (courts; ad hoc tribunals; permanent Commissioners: it may be possible for different provinces to adopt different approaches).

In addition to the recommendations in the paper presented to ULCC in 1996, the Civil Section specifically recommended that the data protection commission have the power to conduct compliance audits at its discretion on an ad hoc basis. The Committee also resolved:

"That the working group undertake to ascertain if there are effective mechanisms for the development and ratification of sectoral codes or other measures that provide more precise guidelines for the protection of privacy and disclosure interests specific to particular sectors consistent with the general principles set out in the Act."


ULCC Advisory Group on Protection of Personal Information
Tom McMahon, Chair1

Uniform Law Conference of Canada, August 1996

INTRODUCTION - THE CONSULTATIONS TO DATE

1. IS A LEGISLATED APPROACH DESIRABLE?

2. WHAT SHOULD THE STATEMENT OF DATA PROTECTION PRINCIPLES CONTAIN?

3. WHAT KIND OF OVERSIGHT MECHANISM SHOULD EXIST?

4. WHAT POWERS SHOULD AN OVERSIGHT BODY HAVE?
Public Education mandate
Complaint investigation powers
Complaint adjudication powers
Company complaint process first?
Technology Assessment
Compliance Audits
Remedial Powers
Order registration to the CSA Model Code?
Publish names?
Offence provision?
Damage awards?

5. WHAT SHOULD BE THE SUBJECT MATTER OF A MODEL DATA PROTECTION LAW?
Sectoral codes?

6. MISCELLANEOUS MATTERS.

ANNEX I - SUMMARY OF RECOMMENDATIONS

ANNEX II - THE PRINCIPLES IN THE CANADIAN STANDARDS ASSOCIATION MODEL CODE FOR THE PROTECTION OF PERSONAL INFORMATION

ANNEX III - SUMMARY OF THE QUEBEC MODEL

ANNEX IV - QUESTIONNAIRE

ANNEX V - PERSONS CONSULTED


Next Annual Meeting

2018 Conference (Centennial)

Delta Hotel

Québec City, QC

August 12 - 16, 2018