How Canada’s Privacy Legislation Affects the Use of Third Party Information and Payment Processors Posted onAugust 15, 2019October 2, 2024/ Elisabeth Colson Businesses often use third party entities to process customer information or transactions and to then relay portions of that information back to the business. Businesses using third parties in this manner should be aware of the provisions of Canada’s privacy legislation in this regard. Overview of Canada’s Privacy Legislation Canada’s two predominant privacy statutes are the Privacy Act, RSC 1985 c P-21 and the Personal Information Protection and Electronic Documents Act, SC 2000, c5 [“PIPEDA”]. The former applies to actions of the federal government, while PIPEDA applies to every entity that collects, uses or discloses personal information in the course of commercial activities. Alberta, British Columbia and Quebec have provincial privacy legislation which is, for the most part, substantially similar to PIPEDA. Compliance with PIPEDA Any entity collecting personal information for the purpose of a commercial activity must first obtain the consent of the individuals whose information is being collected. It is important to note that personal information includes the names and contact details of individuals, as well as their credit card and other financial information. PIPEDA provides that “the consent of an individual is only valid if it is reasonable to expect that an individual to whom the organization’s activities are directed would understand the nature, purpose and consequences of the collection, use or disclosure of the personal information to which they are consenting.” Therefore, whenever personal information is collected in a commercial context, the individuals whose consent is sought must be informed of the manner in which their personal information will be used and disclosed. The transfer of information to third parties for processing is considered to be a disclosure of information. It therefore follows that when seeking someone’s consent for collection of his or her personal information, the entity collecting the information should outline that the information will be shared with third parties for processing. Furthermore, if the third party is in another country, specific risks such as the possibility of foreign officials obtaining the information, should be disclosed to the individuals whose consent is being sought. In summary, a business seeking to use third party processors of customer information or payments should so advise any individuals whose personal information will be collected and should outline for those individuals the potential risks of the collection and disclosure of the personal information by and to, the third party. The third party processor should ensure that the necessary consent has been obtained and that its contract with the business provides for indemnification by the business should issues arise as a result of the collection and processing of the personal information. For questions regarding compliance with Canada’s privacy legislation in a commercial context, please contact Elisabeth Colson of Devry Smith Frank LLP at 416-446-5048 or elisabeth.colson@devrylaw.ca. “This article is intended to inform. Its content does not constitute legal advice and should not be relied upon by readers as such. If you require legal assistance, please see a lawyer. Each case is unique and a lawyer with good training and sound judgment can provide you with advice tailored to your specific situation and needs.” Authors Elisabeth Colson 416-446-5048 416-446-5048 elisabeth.colson@devrylaw.ca Related Posts Posted onOctober 28, 2020April 26, 2024/ Devry Smith Frank LLP Rejected work, study or visitor visa – what next? If you have carefully filled in the forms, gathered the numerous supporting documents and tried to provide as thorough an explanation for your application for temporary residence to Canada, it can be deflating to receive a denial letter. While often an application may be rejected simply because the case was not strong enough, there may [...] Read more Posted onApril 8, 2020September 30, 2020/ Devry Smith Frank LLP MOVING CANNABIS: The Canadian Perspective This blog is co-written by our former articling student, Janet Son. On October 17, 2018 Cannabis became legal in Canada. The federal Cannabis Act[1] sets out the terms and conditions, which are uniform across Canada. It deals with the production, sale, distribution and possession of cannabis. Provinces have power to deal with how it is distributed, sold [...] Read more Posted onApril 3, 2020September 30, 2020/ Devry Smith Frank LLP Canadian Immigration Status during COVID-19 pandemic This blog is co-written by our former articling student, Janet Son. Information regarding the status of flights, border closures and visas is changing by the hour during this pandemic. When it comes to immigration status, there are a few key things to be done to ensure that you are able to remain in Canada. IF YOU [...] Read more Posted onJanuary 31, 2020September 30, 2020/ Devry Smith Frank LLP Prince Harry and Meghan Markle as Canadian citizens? It’s harder than it sounds This blog is co-written by our former articling student, Linda Noorafkan. Prince Harry and Meghan Markle have decided that they will live in Canada on a part-time basis with their son, Archie. Social media is buzzing with Canadians delighted that the Prince and the Suits star could be moving to their neighbourhood. Others are critical about the [...] Read more Posted onDecember 12, 2017June 17, 2020/ Devry Smith Frank LLP National Housing Strategy On Wednesday, November 23, Justin Trudeau announced the federal government’s 10 year national housing strategy. The federal housing strategy is aimed at ensuring that Canadians have access to affordable homes. The aim is to reduce poverty and homelessness. Trudeau deemed access to adequate housing as a “human right”. The federal government is hoping to make [...] Read more
