Privacy Act (Canada)

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Privacy Act
Parliament of Canada
Territorial extentCanada
CommencedJuly 1, 1983
Status: Current legislation

The Privacy Act (French: Loi sur la protection des renseignements personnels) is Canadian federal legislation that came into effect on July 1, 1983.[1] The act sets out rules for how institutions of the Government of Canada must deal with personal information of individuals. Some salient provisions of the legislation are as follows:

  • A government institution may not collect personal information unless it relates directly to an operating program or activity of the institution (section 4).
  • With some exceptions, when a government institution collects an individual's personal information from the individual, it must inform the individual of the purpose for which the information is being collected (section 5(2)).
  • With some exceptions, personal information under the control of a government institution may be used only for the purpose for which the information was obtained or for a use consistent with that purpose, unless the individual consents (section 7).
  • With some exceptions, personal information under the control of a government institution may not be disclosed, unless the individual consents (section 8).
  • Every Canadian citizen or permanent resident has the right to be given access to personal information about the individual under the control of a government institution that is reasonably retrievable by the government institution, and request correction if the information is inaccurate (section 12).
  • A government institution can refuse requests for access to personal information in four cases[2]:
    1. The request interferes with the responsibilities of the government, such as national defence and law enforcement investigations (sections 19-25)
    2. The request contains the personal information of someone other than the individual who made the request (section 26).
    3. The request is subject to solicitor-client privilege (section 27).
    4. A request for an individual's own medical records can be rejected if there is no benefit to the individual in reading it (section 28).
  • The Privacy Commissioner of Canada receives and investigates complaints, including complaints that an individual was denied access to his or her personal information held by a government institution (section 29).


The first privacy law in Canada was enacted in 1977 in part four of the Canadian Human Rights Act by creating the Office of the Privacy Commissioner of Canada, which would be responsible for investigating privacy violation complaints by members of the public and reporting to lawmakers[3]. During the 32nd Parliament in 1983, Bill C-43 was passed[3]. This legislation created the Privacy Act and the Access to Information Act, separate from the Canadian Human Rights Act.

Case law[edit]

An individual who has been refused access to personal information may ultimately apply to the Federal Court for a review of the matter, pursuant to section 41 of the Act. The Court may order the head of the government institution to disclose the information to the individual (sections 48 and 49). Decisions of the Federal Court on such matters may be appealed to the Federal Court of Appeal, and, if leave is granted, further appealed to the Supreme Court of Canada. Some important court decision concerning the Privacy Act are:

See also[edit]


  1. ^ "Privacy Legislation in Canada". Archived from the original on 2007-01-03. Retrieved 2006-08-16.CS1 maint: BOT: original-url status unknown (link)or
  2. ^ Branch, Legislative Services (2018-12-13). "Consolidated federal laws of Canada, Privacy Act". Retrieved 2019-04-05.
  3. ^ a b "Canada's Federal Privacy Laws". Retrieved 2019-04-05.
  4. ^
  5. ^
  6. ^
  7. ^
  8. ^

External links[edit]