ETHI Committee Report
If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.
LIST OF RECOMMENDATIONSRECOMMENDATION 1
RECOMMENDATION 2 That the definition of “personal information” in section 3 of the Privacy Act be amended to ensure that it be technologically neutral and that it include unrecorded information. RECOMMENDATION 3 That the Government of Canada define metadata in the Privacy Act, in a technologically neutral way and with an emphasis on the information it can reveal about an individual. RECOMMENDATION 4 That the Privacy Act be amended to require that all information sharing under paragraphs 8(2)(a) and (f) of the Privacy Act be governed by written agreements and that these agreements include specified elements. RECOMMENDATION 5 That the Privacy Act be amended to create an explicit requirement that new or amended information-sharing agreements be submitted to the Office of the Privacy Commissioner of Canada for review, and that existing agreements should be reviewable by the Privacy Commissioner upon request. RECOMMENDATION 6
RECOMMENDATION 7 That the Privacy Act be amended to create an explicit requirement for institutions to safeguard personal information with appropriate physical, organizational and technological measures commensurate with the level of sensitivity of the data. RECOMMANDATION 8 That the Privacy Act be amended to set out clear consequences for failing to safeguard personal information. 16 RECOMMENDATION 9 That the Privacy Act be amended to create an explicit requirement for government institutions to report material breaches of personal information to the Office of the Privacy Commissioner of Canada in a timely manner. RECOMMENDATION 10 That the Privacy Act be amended to create an explicit requirement for government institutions to notify affected individuals of material breaches of personal information, except in appropriate cases, provided that the notification does not compound the damage to the individuals. RECOMMENDATION 11 That section 4 of the Privacy Act be amended to explicitly require compliance with the criteria of necessity and proportionality in the context of any collection of personal information, consistent with other privacy laws in effect in Canada and abroad. RECOMMENDATION 12 That the Privacy Act be amended to clarify that a recipient federal institution that receives personal information through information sharing with another federal institution is collecting personal information within the meaning of section 4 of the Privacy Act, and must meet the criteria of necessity and proportionality that apply to the collection of personal information. RECOMMENDATION 13 That section 6 of the Privacy Act be amended so as to explicitly require compliance with the criteria of necessity and proportionality in the context of any retention of personal information. RECOMMENDATION 14 That the Privacy Act be amended to set clear rules governing the collection and protection of personal information that is collected on the internet and through social media. RECOMMENDATION 15
RECOMMENDATION 16 That the Government of Canada further examine the possibility of expanding judicial recourse and remedies under the Privacy Act. RECOMMENDATION 17 That the Privacy Act be amended to include a requirement for government institutions to conduct privacy impact assessments for new or significantly amended programs and submit them to the Office of the Privacy Commissioner of Canada in a timely manner. RECOMMENDATION 18 That the Privacy Act be amended to require federal government institutions to consult with Office of the Privacy Commissioner of Canada on draft legislation and regulations with privacy implications before they are implemented. RECOMMENDATION 19 That the Privacy Act be amended to explicitly confer the Privacy Commissioner with:
RECOMMENDATION 20 That the Privacy Act be amended to require an ongoing five-year parliamentary review. RECOMMENDATION 21 That section 64 of the Privacy Act be amended to create an exemption from confidentiality requirements to provide the Privacy Commissioner with the discretionary authority to report proactively on government privacy issues where he considers it in the public interest to do so. RECOMMENDATION 22 That the Privacy Act be amended to expand the ability of the Office of the Privacy Commissioner of Canada to collaborate with other data protection authorities and review bodies on audits and investigations of shared concern in connection with Privacy Act issues. RECOMMENDATION 23 That section 32 of the Privacy Act be amended to grant the Privacy Commissioner discretion to discontinue or decline complaints on specified grounds, including when the complaint is frivolous, vexatious or made in bad faith, and that the Commissioner’s decision to discontinue or decline a complaint be subject to a right of appeal by the complainant. RECOMMENDATION 24 That reporting requirements on broader privacy issues dealt with by federal institutions be reinforced by requiring the addition of a descriptive element so as to make the information in the reports accessible and relevant. RECOMMENDATION 25 That there be specific transparency requirements for lawful access requests from agencies involved in law enforcement. RECOMMENDATION 26 That the Government of Canada explore extending the scope of the Privacy Act to all federal government institutions, including ministers’ offices and the Prime Minister’s Office. RECOMMENDATION 27 That the Government of Canada consider extending the right of access to personal information to foreign nationals. RECOMMENDATION 28 That the Government of Canada examine the possibility of limiting exemptions to access to personal information requests under the Privacy Act. |