Personal Information Protection and Electronic Documents Act
Personal Information Protection and Electronic Documents Act (PIPEDA)
PIPEDA is a Canadian law that deals with data privacy. It assists in monitoring the private sector on how they use, collect and disclose personal information during their business operations. The act mainly focuses on the electronic documents that belong to different citizens and are essential since they contain personal information. It was first issued by the Canadian law to assure the European Union that their citizens’ personal information was safe in the Canadian privacy law and it would be reviewed every five years since the year 2000 when it first came to place.
PIPEDA Case summary- Bank accused of withholding personal information relating to a fraud investigation.
In December 2001 a complaint filed a case in the privacy commissioner complaining that his bank had refused to provide him with certain personal information, was late in providing access to the required personal information and had exceeded its authority by collecting information for the purposes of investigating a fraud without his consent. He backed his case by highlighting section 2, 7(1) (b), 8(4), 8(5) and 9(3) of the PIPEDA law on data privacy. The complainant stated that after requesting the bank to provide a list of all his bank transactions with his name and letter relating to the fraud investigation from the regional security manager, the bank failed to provide. It later came to write that the bank had written bank to the complainant and informed him that the requested document would be available to him after 30 days and not 18 days like he had requested. The bank explained this was due to the fact that it the documents needed preparation and there was a holiday that would slow the bank activities. However, the bank did not honor this agreement and provided the available documents after 60 days but declared that though there was an ongoing investigation, there were no letters from the regional security officer. The findings of the commission were that the bank did abide to PIPEDA requirements and did not break section 2 and 8 as the complaints suggested. This is because the sections exceptions prevailed in that the bank had the right to carry out fraud investigation without seeking consent of the complaint because informing him could have interfered with the investigations. In addition, the bank delay in providing the information required by the complaint is justified in that though Principle 4.9 requires the disclosure of information upon request to provide the individual an opportunity to challenge the accuracy and completeness, it is countered by Section 9(3)(c.1) excepts disclosure and defense of information if it is collected under section 7(1)(b) which monitors accuracy. The commissioner concluded the case by indicating that the bank was in compliance with section 8(3) and 8(4) and therefore in line with Principle 4.9 hence did not violate the privacy right of the compliant, the case was therefore not well founded.
The Personal Information Protection Act of Germany
The Personal Information Protection Act of Germany is quite similar to the PIPEDA of Canada. It focuses on the data privacy of the citizens and ensures that corporate business do protect personal information of the citizens as they carry out their business operations. The personal information Protection Act of Germany ensures that the individuals know why the organizations collect or disclose their personal data or information, the organization protects the citizens personal information and holds accurate compete and up to date information. The Protection Act of Germany just like the PIPEDA law ensures that citizens’ personal information is kept private to any third persons and it available to the actual owner. However, there are a few exceptions relating to this law: first, personal information may be disclosed without consent of the individual if it is a matter of national security, emergencies and international affairs. Secondly, the individual may be denied disclosure of personal information if it also discloses information on a third party. With that structure of the PIPEDA law and the Personal Information Protection Act of Germany have been used to settle multiple court cases relating to violation of data privacy.
Perun, Halyn and Michael Orr, Guide to the Ontario Personal Health Information Protection Act. Toronto ON, Canada: Irwin Law. pp. 19–20.2005
ARCHIVED – Bank accused of withholding personal information related to fraud investigation Retrieved from http://www.priv.gc.ca/cf-dc/2002/cf-dc_020830_e.asp