Skip to Main Content

Online privacy

There are many laws protecting online privacy when it comes to transactions, record keeping, and communications.

In general, any personal information that a website or an agency which keeps records online collects from you has to be kept private. If you have signed a contract with a company, you may want to review the privacy section to make sure you they outline that all your personal information shared with them will be kept confidential.

As can be seen from the Ashley Madison hack, even where people have been assured of confidentiality of their private information, data breaches happen. Millions of subscribers were uncovered and their personal data leaked – and that despite being assured privacy by the website.

There are several laws we have to protect Canadians online privacy, apart from being able to sue under tort for breach of contract or under privacy tort. Even if online confidentiality is breached, businesses and organizations have a duty to deal with the breach to mitigate the harm.

The following sections outline the laws protecting Canadians’ online privacy:

Criminal Code of Canada

The Criminal Code doesn’t have a section that deals with cybercrime or hacking of personal information directly.

However, there are several sections under the Criminal Code that can be used to hold people accountable for hacking and stealing and/or disseminating people’s person information stored online. Those include:

  • s. 184: interception of communication crimes;
  • s. 342: theft and forgery of credit cards;
  • s. 402: identity theft and identify fraud; and
  • s. 403: identity fraud.

PIPEDA

The Office of the Privacy Commissioner of Canada regulates online privacy when it comes to businesses and organizations that hold your information or hold information about you.

Those rules and regulations are set out in The Personal Information Protection and Electronics Documents Act.

PIPEDA demands that private sector organizations get consent from the consumer if they want to have you share your personal information with them for the purposes for collection, use or disclosure.

Digital Privacy Act of 2015

This new legislation came into effect on June 18, 2015. Its purpose is to strengthen the executive branch of the Office of the Privacy Commissioner, and thereby give it broader regulatory powers.

The legislation sets out requirements for people to be informed in cases of breaches of personal information that happen online.

The notifications requirements include:

  • Giving “sufficient information” to let a person understand how considerable the breach is and how harm, due to the breach, can be reduced;
  • The notice of breach has to be given directly to the person whose information has been breached;
  • The notification has to be given as soon as possible.

There are steep fines for non-compliance with the above.

Canada’s Anti-Spam Legislation

The new Anti-Spam legislation came into effect on July 1, 2014.

The new legislation was put in place to stop unwanted commercial electronic messages. Such messages can take the form of text messages, e-mails and communications over social networks.

An additional part of CASL came into effect on January 15, 2015, which put forth new safeguards for installing computer programs. Under this new legislation, it is forbidden for a website to automatically install software on a user’s computer without their consent in the course of commercial activity. This is to prevent malicious software from being installed on your computer that can cause data leaks and other unwanted consequences.

If you suspect that your personal information has been leaked or your business has been hacked, you may want to consult a lawyer.

Read more:

Canada’s Anti-Spam Legislation

Criminal Code of Canada