Fourth Session, Thirty-Ninth Legislature
This version is based on the printed bill that was distributed in the Legislature after First Reading. It is not the official version. If accuracy is critical, you can obtain a copy of the printed bill from Statutory Publications or view the online bilingual version (PDF).
Bill 200
THE PERSONAL INFORMATION PROTECTION AND IDENTITY THEFT PREVENTION ACT
Section |
Table of Contents |
PART 1 | |
INTRODUCTORY PROVISIONS | |
1(1) | Definitions |
(2) | Interpretation: destruction of records |
2 | Standard as to what is reasonable |
PART 2 | |
PURPOSE AND APPLICATION | |
3 | Purpose |
4(1) | Application |
(2) | Exemption re public body |
(3) | Other exemptions |
(4) | Previously acquired information |
(5) | Legal matters and obligations of lawyers |
(6) | Conflict |
(7) | Waivers and releases void |
PART 3 | |
PROTECTION OF PERSONAL INFORMATION | |
DIVISION 1 | |
COMPLIANCE AND POLICIES | |
5(1) | Compliance with Act |
(2) | Organization continues to be responsible |
(3) | Designate individual responsible for compliance |
(4) | Delegation by designated individual |
(5) | Organization must act reasonably |
(6) | Organization not relieved by designating individual |
6 | Policies and practices |
DIVISION 2 | |
CONSENT | |
7(1) | Consent required |
(2) | Organization cannot require greater consent |
(3) | Individual may limit consent |
8(1) | Form of consent |
(2) | Giving information may be deemed consent |
(3) | Notice in place of consent |
(4) | Information to be used only for purpose it was collected |
(5) | Manner of giving consent |
9(1) | Withdrawal or variation of consent |
(2) | Information re withdrawing or varying consent |
(3) | If consequences of withdrawal reasonably obvious |
(4) | Withdrawal or variation must be comply with |
(5) | Effect where legal obligation between parties |
(6) | Manner of giving notice of withdrawal or variation |
(7) | Terms of withdrawal to be acceptable to individual |
(8) | No obligations imposed by withdrawal or variation |
10 | Consent obtained by deception, etc. |
DIVISION 3 | |
COLLECTION OF PERSONAL INFORMATION | |
11(1) | Limitations on collection |
(2) | Purpose determines if what collected is reasonable |
12 | Limitation on sources for collection |
13(1) | Notification required for collection |
(2) | If organization collects from another — with consent |
(3) | If organization collects from another — without consent |
(4) | Exception |
14 | Collection without consent |
15(1) | Collection of personal employee information |
(2) | Limited circumstances where consent not required |
(3) | Disclosure of employee information without consent |
(4) | Exception |
DIVISION 4 | |
USE OF PERSONAL INFORMATION | |
16(1) | Limitations on use |
(2) | Purpose determines if use reasonable |
17 | Use without consent |
18(1) | Use of personal employee information |
(2) | Purpose determines if use reasonable |
(3) | Exception |
DIVISION 5 | |
DISCLOSURE OF PERSONAL INFORMATION | |
19(1) | Limitations on disclosure |
(2) | Purposes determine if disclosure reasonable |
20 | When disclosure without consent permitted |
21(1) | Disclosure of personal employee information |
(2) | When disclosure without consent permitted |
(3) | Exception |
DIVISION 6 | |
BUSINESS TRANSACTIONS | |
22(1) | Definitions |
(2) | Business transactions — collection, use and disclosure |
(3) | Disclosure respecting acquisition of a business, etc |
(4) | Information must be destroyed or returned |
(5) | Consent may be obtained for other uses etc. |
(6) | Exception |
PART 4 | |
ACCESS TO AND CORRECTION AND | |
CARE OF PERSONAL INFORMATION | |
DIVISION 1 | |
ACCESS AND CORRECTION | |
23 | Definitions |
24(1) | Access |
(2) | Where access may be refused |
(3) | Where access must be refused |
(4) | Inaccessible information to be severed |
25(1) | Right to request correction |
(2) | Correction must be made |
(3) | Annotation of requested correction that is not made |
(4) | Information corrected per notification |
(5) | Exception |
26(1) | How to make a request |
(2) | Applicant may request copy of information |
27(1) | Duty to assist |
(2) | Creating record to be given to applicant |
28(1) | Time limit for responding |
(2) | Extension |
(3) | Time period for deciding extension not included |
29 | Contents of response |
30 | How access will be given |
31(1) | Extending the time limit for responding |
(2) | Applicant to be informed of extension |
32(1) | Fees |
(2) | No fee for requested correction |
(3) | Fee to be estimated and deposit may be required |
DIVISION 2 | |
CARE OF PERSONAL INFORMATION | |
33 | Accuracy of information |
34(1) | Protection of information |
(2) | Notice if control of information lost |
(3) | Exception re law enforcement agency investigation |
(4) | Right of action |
(5) | Other rights not affected |
35 | Retention of information |
PART 5 PROFESSIONAL REGULATORY AND NON-PROFIT ORGANIZATIONS | |
36(1) | Professional regulatory organizations |
(2) | Regulations re professional regulatory organizations |
(3) | Regulation my be general or specific |
37(1) | Non-profit organizations |
(2) | Exception re non-profit organizations |
(3) | Act applies to commercial activity |
(4) | Regulations re non-profit organizations |
(5) | Regulation may be general or specific |
PART 6 | |
GENERAL PROVISIONS | |
38 | Protection of organization from legal actions |
39 | Protection of employee |
40(1) | Exercise of rights by other persons |
(2) | Who notice may be given to |
41(1) | Offences |
(2) | Penalties |
(3) | No offence if action reasonable |
42(1) | General regulations |
(2) | Application of regulation |
(3) | Regulation may be general or specific |
43(1) | Review of Act |
(2) | Content of report |
44 | C.C.S.M. reference |
45 | Coming into force |