Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5)
Full Document:
Act current to 2024-10-30 and last amended on 2024-08-19. Previous Versions
PART 1Protection of Personal Information in the Private Sector (continued)
DIVISION 2Remedies (continued)
Compliance Agreements
Marginal note:Compliance agreement
17.1 (1) If the Commissioner believes on reasonable grounds that an organization has committed, is about to commit or is likely to commit an act or omission that could constitute a contravention of a provision of Division 1 or 1.1 or a failure to follow a recommendation set out in Schedule 1, the Commissioner may enter into a compliance agreement, aimed at ensuring compliance with this Part, with that organization.
Marginal note:Terms
(2) A compliance agreement may contain any terms that the Commissioner considers necessary to ensure compliance with this Part.
Marginal note:Effect of compliance agreement — no application
(3) When a compliance agreement is entered into, the Commissioner, in respect of any matter covered under the agreement,
(a) shall not apply to the Court for a hearing under subsection 14(1) or paragraph 15(a); and
(b) shall apply to the court for the suspension of any pending applications that were made by the Commissioner under those provisions.
Marginal note:For greater certainty
(4) For greater certainty, a compliance agreement does not preclude
(a) an individual from applying for a hearing under section 14; or
(b) the prosecution of an offence under the Act.
- 2015, c. 32, s. 15
Marginal note:Agreement complied with
17.2 (1) If the Commissioner is of the opinion that a compliance agreement has been complied with, the Commissioner shall provide written notice to that effect to the organization and withdraw any applications that were made under subsection 14(1) or paragraph 15(a) in respect of any matter covered under the agreement.
Marginal note:Agreement not complied with
(2) If the Commissioner is of the opinion that an organization is not complying with the terms of a compliance agreement, the Commissioner shall notify the organization and may apply to the Court for
(a) an order requiring the organization to comply with the terms of the agreement, in addition to any other remedies it may give; or
(b) a hearing under subsection 14(1) or paragraph 15(a) or to reinstate proceedings that have been suspended as a result of an application made under paragraph 17.1(3)(b).
Marginal note:Time for application
(3) Despite subsection 14(2), the application shall be made within one year after notification is sent or within any longer period that the Court may, either before or after the expiry of that year, allow.
- 2015, c. 32, s. 15
DIVISION 3Audits
Marginal note:To ensure compliance
18 (1) The Commissioner may, on reasonable notice and at any reasonable time, audit the personal information management practices of an organization if the Commissioner has reasonable grounds to believe that the organization has contravened a provision of Division 1 or 1.1 or is not following a recommendation set out in Schedule 1, and for that purpose may
(a) summon and enforce the appearance of persons before the Commissioner and compel them to give oral or written evidence on oath and to produce any records and things that the Commissioner considers necessary for the audit, in the same manner and to the same extent as a superior court of record;
(b) administer oaths;
(c) receive and accept any evidence and other information, whether on oath, by affidavit or otherwise, that the Commissioner sees fit, whether or not it is or would be admissible in a court of law;
(d) at any reasonable time, enter any premises, other than a dwelling-house, occupied by the organization on satisfying any security requirements of the organization relating to the premises;
(e) converse in private with any person in any premises entered under paragraph (d) and otherwise carry out in those premises any inquiries that the Commissioner sees fit; and
(f) examine or obtain copies of or extracts from records found in any premises entered under paragraph (d) that contain any matter relevant to the audit.
Marginal note:Delegation
(2) The Commissioner may delegate any of the powers set out in subsection (1).
Marginal note:Return of records
(3) The Commissioner or the delegate shall return to a person or an organization any record or thing they produced under this section within ten days after they make a request to the Commissioner or the delegate, but nothing precludes the Commissioner or the delegate from again requiring that the record or thing be produced.
Marginal note:Certificate of delegation
(4) Any person to whom powers set out in subsection (1) are delegated shall be given a certificate of the delegation and the delegate shall produce the certificate, on request, to the person in charge of any premises to be entered under paragraph (1)(d).
- 2000, c. 5, s. 18
- 2015, c. 32, s. 16
Marginal note:Report of findings and recommendations
19 (1) After an audit, the Commissioner shall provide the audited organization with a report that contains the findings of the audit and any recommendations that the Commissioner considers appropriate.
Marginal note:Reports may be included in annual reports
(2) The report may be included in a report made under section 25.
DIVISION 4General
Marginal note:Confidentiality
20 (1) Subject to subsections (2) to (7), 12(3), 12.2(3), 13(3), 19(1), 23(3) and 23.1(1) and section 25, the Commissioner or any person acting on behalf or under the direction of the Commissioner shall not disclose any information that comes to their knowledge as a result of the performance or exercise of any of the Commissioner’s duties or powers under this Part other than those referred to in subsection 10.1(1) or 10.3(2).
Marginal note:Confidentiality — reports and records
(1.1) Subject to subsections (2) to (7), 12(3), 12.2(3), 13(3), 19(1), 23(3) and 23.1(1) and section 25, the Commissioner or any person acting on behalf or under the direction of the Commissioner shall not disclose any information contained in a report made under subsection 10.1(1) or in a record obtained under subsection 10.3(2).
Marginal note:Public interest
(2) The Commissioner may, if the Commissioner considers that it is in the public interest to do so, make public any information that comes to his or her knowledge in the performance or exercise of any of his or her duties or powers under this Part.
Marginal note:Disclosure of necessary information
(3) The Commissioner may disclose, or may authorize any person acting on behalf or under the direction of the Commissioner to disclose, information that in the Commissioner’s opinion is necessary to
(a) conduct an investigation or audit under this Part; or
(b) establish the grounds for findings and recommendations contained in any report under this Part.
Marginal note:Disclosure in the course of proceedings
(4) The Commissioner may disclose, or may authorize any person acting on behalf or under the direction of the Commissioner to disclose, information in the course of
(a) a prosecution for an offence under section 28;
(b) a prosecution for an offence under section 132 of the Criminal Code (perjury) in respect of a statement made under this Part;
(c) a hearing before the Court under this Part;
(d) an appeal from a decision of the Court; or
(e) a judicial review in relation to the performance or exercise of any of the Commissioner’s duties or powers under this Part.
Marginal note:Disclosure of offence authorized
(5) The Commissioner may disclose to the Attorney General of Canada or of a province, as the case may be, information relating to the commission of an offence against any law of Canada or a province on the part of an officer or employee of an organization if, in the Commissioner’s opinion, there is evidence of an offence.
Marginal note:Disclosure of breach of security safeguards
(6) The Commissioner may disclose, or may authorize any person acting on behalf or under the direction of the Commissioner to disclose to a government institution or a part of a government institution, any information contained in a report made under subsection 10.1(1) or in a record obtained under subsection 10.3(2) if the Commissioner has reasonable grounds to believe that the information could be useful in the investigation of a contravention of the laws of Canada or a province that has been, is being or is about to be committed.
Marginal note:Disclosure
(7) The Commissioner may disclose information, or may authorize any person acting on behalf or under the direction of the Commissioner to disclose information, in the course of proceedings in which the Commissioner has intervened under paragraph 50(c) of An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act or in accordance with subsection 58(3) or 60(1) of that Act.
- 2000, c. 5, s. 20
- 2010, c. 23, s. 86
- 2015, c. 32, ss. 17, 26
Marginal note:Not competent witness
21 The Commissioner or person acting on behalf or under the direction of the Commissioner is not a competent witness in respect of any matter that comes to their knowledge as a result of the performance or exercise of any of the Commissioner’s duties or powers under this Part in any proceeding other than
(a) a prosecution for an offence under section 28;
(b) a prosecution for an offence under section 132 of the Criminal Code (perjury) in respect of a statement made under this Part;
(c) a hearing before the Court under this Part; or
(d) an appeal from a decision of the Court.
Marginal note:Protection of Commissioner
22 (1) No criminal or civil proceedings lie against the Commissioner, or against any person acting on behalf or under the direction of the Commissioner, for anything done, reported or said in good faith as a result of the performance or exercise or purported performance or exercise of any duty or power of the Commissioner under this Part.
Marginal note:Defamation
(2) No action lies in defamation with respect to
(a) anything said, any information supplied or any record or thing produced in good faith in the course of an investigation or audit carried out by or on behalf of the Commissioner under this Part; and
(b) any report made in good faith by the Commissioner under this Part and any fair and accurate account of the report made in good faith for the purpose of news reporting.
- 2000, c. 5, s. 22
- 2015, c. 32, s. 18
Marginal note:Consultations with provinces
23 (1) If the Commissioner considers it appropriate to do so, or on the request of an interested person, the Commissioner may, in order to ensure that personal information is protected in as consistent a manner as possible, consult with any person who, under provincial legislation, has functions and duties similar to those of the Commissioner with respect to the protection of such information.
Marginal note:Agreements or arrangements with provinces
(2) The Commissioner may enter into agreements or arrangements with any person referred to in subsection (1) in order to
(a) coordinate the activities of their offices and the office of the Commissioner, including to provide for mechanisms for the handling of any complaint in which they are mutually interested;
(b) undertake and publish research or develop and publish guidelines or other instruments related to the protection of personal information;
(c) develop model contracts or other instruments for the protection of personal information that is collected, used or disclosed interprovincially or internationally; and
(d) develop procedures for sharing information referred to in subsection (3).
Marginal note:Sharing of information with provinces
(3) The Commissioner may, in accordance with any procedure established under paragraph (2)(d), share information with any person referred to in subsection (1), if the information
(a) could be relevant to an ongoing or potential investigation of a complaint or audit under this Part or provincial legislation that has objectives that are similar to this Part; or
(b) could assist the Commissioner or that person in the exercise of their functions and duties with respect to the protection of personal information.
Marginal note:Purpose and confidentiality
(4) The procedures referred to in paragraph (2)(d) shall
(a) restrict the use of the information to the purpose for which it was originally shared; and
(b) stipulate that the information be treated in a confidential manner and not be further disclosed without the express consent of the Commissioner.
- 2000, c. 5, s. 23
- 2010, c. 23, s. 87
Marginal note:Disclosure of information to foreign state
23.1 (1) Subject to subsection (3), the Commissioner may, in accordance with any procedure established under paragraph (4)(b), disclose information referred to in subsection (2) that has come to the Commissioner’s knowledge as a result of the performance or exercise of any of the Commissioner’s duties or powers under this Part to any person or body who, under the legislation of a foreign state, has
(a) functions and duties similar to those of the Commissioner with respect to the protection of personal information; or
(b) responsibilities that relate to conduct that is substantially similar to conduct that would be in contravention of this Part.
Marginal note:Information that can be shared
(2) The information that the Commissioner is authorized to disclose under subsection (1) is information that the Commissioner believes
(a) would be relevant to an ongoing or potential investigation or proceeding in respect of a contravention of the laws of a foreign state that address conduct that is substantially similar to conduct that would be in contravention of this Part; or
(b) is necessary to disclose in order to obtain from the person or body information that may be useful to an ongoing or potential investigation or audit under this Part.
Marginal note:Written arrangements
(3) The Commissioner may only disclose information to the person or body referred to in subsection (1) if the Commissioner has entered into a written arrangement with that person or body that
(a) limits the information to be disclosed to that which is necessary for the purpose set out in paragraph (2)(a) or (b);
(b) restricts the use of the information to the purpose for which it was originally shared; and
(c) stipulates that the information be treated in a confidential manner and not be further disclosed without the express consent of the Commissioner.
Marginal note:Arrangements
(4) The Commissioner may enter into arrangements with one or more persons or bodies referred to in subsection (1) in order to
(a) provide for cooperation with respect to the enforcement of laws protecting personal information, including the sharing of information referred to in subsection (2) and the provision of mechanisms for the handling of any complaint in which they are mutually interested;
(b) establish procedures for sharing information referred to in subsection (2);
(c) develop recommendations, resolutions, rules, standards or other instruments with respect to the protection of personal information;
(d) undertake and publish research related to the protection of personal information;
(e) share knowledge and expertise by different means, including through staff exchanges; or
(f) identify issues of mutual interest and determine priorities pertaining to the protection of personal information.
- 2010, c. 23, s. 87
- Date modified: