|
APEGGA, PIPA and PIPEDA
Background
As
of January 1, 2004, new rules will apply to all organizations
that collect,
use and disclose personal information about individuals.
The purpose of this paper is to provide a sketch outline of APEGGA
responsibilities that will apply in the future under PIPA – the
Personal Information Protection Act of Alberta, and PIPEDA - the
Personal Information Protection and Electronic Documents Act, and
Act of the Government of Canada.
PIPA
was introduced by way of Bill 44 in the Alberta legislature and
was given first
reading in the spring sitting. The Alberta
government had the Bill approved in its fall 2003 sitting. It is
quite clear that insofar as APEGGA’s status as a “Professional
Regulatory Organization” its regulatory activities in Alberta
will be subject to PIPA rules.
Regular updates on privacy legislation in Alberta can be obtained
from:
http://www.psp.gov.ab.ca/
Activities Beyond Alberta and Regulatory Mandate
APEGGA’s activities include a number of things well beyond
a strictly regulatory mandate. There are also regulatory activities
that go beyond the borders of Alberta, such as examinations for
other associations and inter-association transfer application information.
APEGGA members may participate in member benefits that have been
negotiated by the CCPE. These are considered to be commercial activities.
The federal legislation that has a bearing on these APEGGA activities
is the Personal Information Protection and Electronic Documents
Act (PIPEDA). This Act was passed in 2000 and initially applied
only to the federally regulated private sector. However, on January
1, 2004, it will also apply to commercial activities undertaken
in the provincially regulated private sector, unless provinces
pass legislation that the federal government deems "substantially
similar" to the federal Act. The federal privacy commissioners
office views the regulatory licensing activities under a provincial
statute as falling under this umbrella in the absence of applicable
provincial legislation.
Canadian
provinces have an option to either pass equivalent legislation
that covers professional licensing or become subject to PIPEDA.
Since many provinces have no intention of working on their own
privacy legislation, it follows that many of the associations within
Canada will be subject to PIPEDA effective January 1, 2004. Therefore
we can expect that exchanges of information with sister associations
and with the CCPE will be subject to PIPEDA.
A
recent conference held by the Alberta government for professional
associations
was assured that the new acting federal privacy commissioner
has ruled that the draft Alberta legislation is “substantially
equivalent” to the federal Act. This conference also suggested
that professional regulatory organizations may wish to develop
their own “Personal Information Code”. APEGGA has developed
a summary version of this policy as its code. Note that this Code
is useful in communicating our commitment to privacy principles
to members, but final determination of compliance is subject to
PIPEDA and/or PIPA depending on the specific circumstance involved.
APEGGA Personal Information Code
APEGGA
respects the privacy of its members and is committed to protecting
their
personal information. In this privacy statement “personal
information” means information that reveals a distinctive
trait about you, helps to identify you and is not available in
the public domain. It does not include business contact information,
or the information provided to issue and maintain professional
status or any other class or category of registration under the
Engineering, Geological and Geophysical Professions Act. This Act
is our legislated mandate under provincial statute, and any activity
under that Act is subject to the obligations set out in the EGGP
Act and in the Personal Information Protection Act of Alberta.
APEGGA adheres to the privacy standards of the Canadian Standards
Association regarding collection, use, disclosure and retention
of personal information. Compliance with these principles is verified
regularly and revised as needed. Your contact information is collected,
maintained and disclosed to approved providers of member services
with your consent in keeping with these principles. The principles
in summary are:
1. Accountability
APEGGA
is responsible for personal information under its control and
has designated
its Deputy Registrar as the individual for APEGGA’s
compliance with the following principles.
2. Identifying Purpose
The purpose for which personal information is collected shall
be identified by APEGGA at or before the time the information is
collected.
3. Consent
The
knowledge and consent of an individual is required for the collection,
use, or disclosure of personal information, except
where inappropriate. In its investigation of member conduct or
the investigation of an applicant’s suitability for registration,
specific information may be kept confidential from the member or
applicant in order to protect the integrity of the investigation
process.
4. Limiting Collection
The collection of personal information will be limited to that
which is necessary for the purposes identified by APEGGA. The information
will be collected by a fair and lawful means.
5. Limiting Use, Disclosure and Retention
Personal information will not be used or disclosed for purposes
other than those for which it was collected, except with the consent
of the individual or as required by law. Personal information shall
be retained only as long as necessary for the fulfillment of those
purposes.
6. Accuracy
Personal information will be as accurate, complete, and up-to-date
as is necessary for the purpose for which it is to be used.
7. Safeguards
Personal information will be protected by security safeguards
appropriate to the sensitivity of the information.
8. Openness
APEGGA will make readily available to individuals specific information
about its policies and practices relating to the management of
personal information.
9. Individual Access
Upon request, an individual will be informed of the existence,
use, and disclosure of his or her personal information and shall
be given access to that information. An individual will be able
to challenge the accuracy and completeness of the information and
have it amended as appropriate.
10. Challenging Compliance
An
individual is able to address a challenge concerning compliance
with the above principles to the Deputy Registrar.
|
