Forgive me for getting into the weeds a bit on a couple of quirky parts of our privacy laws; I hope some of you fellow privacy nerds might find this interesting and, like me, a bit odd.
First of all, did you know that the way the exemption orders are written to declare certain laws as substantially similar to PIPEDA actually creates the situation where organizations that are federal works and undertakings must comply with both PIPEDA and the substantially similar laws? It’s weird, but no matter how I read the exemption order, it leaves me with no other conclusion. So that you don’t have to look them up yourself, here’s an example where the feds wanted to say that the law in Alberta was substantially similar to PIPEDA:
“An organization, other than a federal work, undertaking or business, to which the Personal Information Protection Act, of the Province of Alberta, applies is exempt from the application of Part 1 of the Personal Information Protection and Electronic Documents Act, in respect of the collection, use and disclosure of personal information that occurs within the Province of Alberta.”
So, the exemption order doesn’t apply to federal works or undertakings. That means they must still comply with PIPEDA. But, when you read the Alberta PIPA, there is no exception created for federal works and undertakings so that law applies to them too!
I suppose it doesn’t mean much in practice—except that I think you can legitimately choose which commissioner to complain to—but it is nonetheless a quirky thing about the application of our laws.
Secondly, many of you will already know about the black hole in our country for the privacy protection of employees. In essence, you need to either be an employee in Quebec, Alberta or BC or be an employee of a federal work or undertaking to have privacy laws working for you. But, did you know that this gaping hole in privacy protection also means that an organization in Ontario (for example), that has employees in Europe, cannot transfer their information to their headquarters in Toronto without violating the European Directive? Again, strange, but true. Probably not enough there to get our provinces to actually do something about it, but, hey, like I said, kind of a quirky thing to think about, for those privacy nerds out there.
If you want to comment on this post, you need to login.