A A A

Fourth Session, Thirty-Ninth Legislature

This version is based on the printed bill that was distributed in the Legislature after First Reading.   It is not the official version.   If accuracy is critical, you can obtain a copy of the printed bill from Statutory Publications or view the online bilingual version (PDF).

Bill 200

THE PERSONAL INFORMATION PROTECTION AND IDENTITY THEFT PREVENTION ACT



Section
Table of Contents            
PART 1
INTRODUCTORY PROVISIONS
1(1) Definitions
(2) Interpretation: destruction of records
2 Standard as to what is reasonable
PART 2
PURPOSE AND APPLICATION
3 Purpose
4(1) Application
(2) Exemption re public body
(3) Other exemptions
(4) Previously acquired information
(5) Legal matters and obligations of lawyers
(6) Conflict
(7) Waivers and releases void
PART 3
PROTECTION OF PERSONAL INFORMATION
DIVISION 1
COMPLIANCE AND POLICIES
5(1) Compliance with Act
(2) Organization continues to be responsible
(3) Designate individual responsible for compliance
(4) Delegation by designated individual
(5) Organization must act reasonably
(6) Organization not relieved by designating individual
6 Policies and practices
DIVISION 2
CONSENT
7(1) Consent required
(2) Organization cannot require greater consent
(3) Individual may limit consent
8(1) Form of consent
(2) Giving information may be deemed consent
(3) Notice in place of consent
(4) Information to be used only for purpose it was collected
(5) Manner of giving consent
9(1) Withdrawal or variation of consent
(2) Information re withdrawing or varying consent
(3) If consequences of withdrawal reasonably obvious
(4) Withdrawal or variation must be comply with
(5) Effect where legal obligation between parties
(6) Manner of giving notice of withdrawal or variation
(7) Terms of withdrawal to be acceptable to individual
(8) No obligations imposed by withdrawal or variation
10 Consent obtained by deception, etc.
DIVISION 3
COLLECTION OF PERSONAL INFORMATION
11(1) Limitations on collection
(2) Purpose determines if what collected is reasonable
12 Limitation on sources for collection
13(1) Notification required for collection
(2) If organization collects from another — with consent
(3) If organization collects from another — without consent
(4) Exception
14 Collection without consent
15(1) Collection of personal employee information
(2) Limited circumstances where consent not required
(3) Disclosure of employee information without consent
(4) Exception
DIVISION 4
USE OF PERSONAL INFORMATION
16(1) Limitations on use
(2) Purpose determines if use reasonable
17 Use without consent
18(1) Use of personal employee information
(2) Purpose determines if use reasonable
(3) Exception
DIVISION 5
DISCLOSURE OF PERSONAL INFORMATION
19(1) Limitations on disclosure
(2) Purposes determine if disclosure reasonable
20 When disclosure without consent permitted
21(1) Disclosure of personal employee information
(2) When disclosure without consent permitted
(3) Exception
DIVISION 6
BUSINESS TRANSACTIONS
22(1) Definitions
(2) Business transactions — collection, use and disclosure
(3) Disclosure respecting acquisition of a business, etc
(4) Information must be destroyed or returned
(5) Consent may be obtained for other uses etc.
(6) Exception
PART 4
ACCESS TO AND CORRECTION AND
CARE OF PERSONAL INFORMATION
DIVISION 1
ACCESS AND CORRECTION
23 Definitions
24(1) Access
(2) Where access may be refused
(3) Where access must be refused
(4) Inaccessible information to be severed
25(1) Right to request correction
(2) Correction must be made
(3) Annotation of requested correction that is not made
(4) Information corrected per notification
(5) Exception
26(1) How to make a request
(2) Applicant may request copy of information
27(1) Duty to assist
(2) Creating record to be given to applicant
28(1) Time limit for responding
(2) Extension
(3) Time period for deciding extension not included
29 Contents of response
30 How access will be given
31(1) Extending the time limit for responding
(2) Applicant to be informed of extension
32(1) Fees
(2) No fee for requested correction
(3) Fee to be estimated and deposit may be required
DIVISION 2
CARE OF PERSONAL INFORMATION
33 Accuracy of information
34(1) Protection of information
(2) Notice if control of information lost
(3) Exception re law enforcement agency investigation
(4) Right of action
(5) Other rights not affected
35 Retention of information
PART 5 PROFESSIONAL REGULATORY AND NON-PROFIT ORGANIZATIONS
36(1) Professional regulatory organizations
(2) Regulations re professional regulatory organizations
(3) Regulation my be general or specific
37(1) Non-profit organizations
(2) Exception re non-profit organizations
(3) Act applies to commercial activity
(4) Regulations re non-profit organizations
(5) Regulation may be general or specific
PART 6
GENERAL PROVISIONS
38 Protection of organization from legal actions
39 Protection of employee
40(1) Exercise of rights by other persons
(2) Who notice may be given to
41(1) Offences
(2) Penalties
(3) No offence if action reasonable
42(1) General regulations
(2) Application of regulation
(3) Regulation may be general or specific
43(1) Review of Act
(2) Content of report
44 C.C.S.M. reference
45 Coming into force