S.M. 2013, c. 17
Bill 211, 2nd Session, 40th Legislature
The Personal Information Protection and Identity Theft Prevention Act
PART 1 | |
INTRODUCTORY PROVISIONS | |
1(1) | Definitions |
(2) | Interpretation: destruction of records |
2 | Standard as to what is reasonable |
PART 2 | |
PURPOSE AND APPLICATION | |
3 | Purpose |
4(1) | Application |
(2) | Exemption re public body |
(3) | Other exemptions |
(4) | Previously acquired information |
(5) | Legal matters and obligations of lawyers |
(6) | Conflict |
(7) | Waivers and releases void |
PART 3 | |
PROTECTION OF PERSONAL INFORMATION | |
DIVISION 1 | |
COMPLIANCE AND POLICIES | |
5(1) | Compliance with Act |
(2) | Organization continues to be responsible |
(3) | Designate individual responsible for compliance |
(4) | Delegation by designated individual |
(5) | Organization must act reasonably |
(6) | Organization not relieved by designating individual |
6 | Policies and practices |
DIVISION 2 | |
CONSENT | |
7(1) | Consent required |
(2) | Organization cannot require greater consent |
(3) | Individual may limit consent |
8(1) | Form of consent |
(2) | Giving information may be deemed consent |
(3) | Notice in place of consent |
(4) | Information to be used only for purpose it was collected |
(5) | Manner of giving consent |
9(1) | Withdrawal or variation of consent |
(2) | Information re withdrawing or varying consent |
(3) | If consequences of withdrawal reasonably obvious |
(4) | Withdrawal or variation must be complied with |
(5) | Effect where legal obligation between parties |
(6) | Manner of giving notice of withdrawal or variation |
(7) | Terms of withdrawal to be acceptable to individual |
(8) | No obligations imposed by withdrawal or variation |
10 | Consent obtained by deception, etc. |
DIVISION 3 | |
COLLECTION OF PERSONAL INFORMATION | |
11(1) | Limitations on collection |
(2) | Purpose determines if what collected is reasonable |
12 | Limitation on sources for collection |
13(1) | Notification required for collection |
(2) | If organization collects from another — with consent |
(3) | If organization collects from another — without consent |
(4) | Exception |
14 | Collection without consent |
15(1) | Collection of personal employee information |
(2) | Limited circumstances where consent not required |
(3) | Disclosure of employee information without consent |
(4) | Exception |
DIVISION 4 | |
USE OF PERSONAL INFORMATION | |
16(1) | Limitations on use |
(2) | Purpose determines if use reasonable |
17 | Use without consent |
18(1) | Use of personal employee information |
(2) | Purpose determines if use reasonable |
(3) | Exception |
DIVISION 5 | |
DISCLOSURE OF PERSONAL INFORMATION | |
19(1) | Limitations on disclosure |
(2) | Purposes determine if disclosure reasonable |
20 | When disclosure without consent permitted |
21(1) | Disclosure of personal employee information |
(2) | When disclosure without consent permitted |
(3) | Exception |
DIVISION 6 | |
BUSINESS TRANSACTIONS | |
22(1) | Definitions |
(2) | Business transactions — collection, use and disclosure |
(3) | Disclosure respecting acquisition of a business, etc. |
(4) | Information must be destroyed or returned |
(5) | Consent may be obtained for other uses etc. |
(6) | Exception |
PART 4 | |
ACCESS TO AND CORRECTION AND CARE OF PERSONAL INFORMATION | |
DIVISION 1 | |
ACCESS AND CORRECTION | |
23 | Definitions |
24(1) | Access |
(2) | Where access may be refused |
(3) | Where access must be refused |
(4) | Inaccessible information to be severed |
25(1) | Right to request correction |
(2) | Correction must be made |
(3) | Annotation of requested correction that is not made |
(4) | Information corrected per notification |
(5) | Exception |
26(1) | How to make a request |
(2) | Applicant may request copy of information |
27(1) | Duty to assist |
(2) | Creating record to be given to applicant |
28(1) | Time limit for responding |
(2) | Extension |
(3) | Time period for deciding extension not included |
29 | Contents of response |
30 | How access will be given |
31(1) | Extending the time limit for responding |
(2) | Applicant to be informed of extension |
32(1) | Fees |
(2) | No fee for requested correction |
(3) | Fee to be estimated and deposit may be required |
DIVISION 2 | |
CARE OF PERSONAL INFORMATION | |
33 | Accuracy of information |
34(1) | Protection of information |
(2) | Notice if control of information lost |
(3) | Exception re law enforcement agency investigation |
(4) | Right of action |
(5) | Other rights not affected |
35 | Retention of information |
PART 5 | |
PROFESSIONAL REGULATORY AND NON-PROFIT ORGANIZATIONS | |
36(1) | Professional regulatory organizations |
(2) | Regulations re professional regulatory organizations |
(3) | Regulation may be general or specific |
37(1) | Non-profit organizations |
(2) | Exception re non-profit organizations |
(3) | Act applies to commercial activity |
(4) | Regulations re non-profit organizations |
(5) | Regulation may be general or specific |
PART 6 | |
GENERAL PROVISIONS | |
38 | Protection of organization from legal actions |
39 | Protection of employee |
40(1) | Exercise of rights by other persons |
(2) | Who notice may be given to |
41(1) | Offences |
(2) | Penalties |
(3) | No offence if action reasonable |
42(1) | General regulations |
(2) | Application of regulation |
(3) | Regulation may be general or specific |
43(1) | Review of Act |
(2) | Content of report |
44 | C.C.S.M. reference |
45 | Coming into force |