• First Reference
  • About us
  • Contact us
  • Blog Signup 📨

First Reference Talks

Discussions on Human Resources, Employment Law, Payroll and Internal Controls

  • Home
  • About
  • Archives
  • Resources
  • Buy Policies
You are here: Home / Health and Safety / Privacy Commissioner of Canada releases guidance on privacy and the COVID-19 outbreak

By Christina Catenacci, BA, LLB, LLM, PhD | 3 Minutes Read April 1, 2020

Privacy Commissioner of Canada releases guidance on privacy and the COVID-19 outbreak

privacy

On March 20, 2020, the Office of the Privacy Commissioner of Canada issued guidance to help organizations subject to federal privacy laws understand their privacy-related obligations during the COVID-19 outbreak. The assistance comes as the outbreak raises questions about privacy issues during a pandemic.

The main message is that, during a public health crisis, privacy laws still apply − but they are not a barrier to appropriate information sharing.

Essentially, the Office of the Privacy Commissioner states that, though there may be certain privacy provisions that authorize the collection, use and disclosure of personal information in a public health crisis, it is still necessary to communicate to the persons involved the specific legislative authority that is being relied upon (exactly what provisions) when collecting, using or disclosing the personal information.

Moreover, the Office of the Privacy Commissioner states:

Public health situations are sometimes referred to as emergencies. Under both federal and provincial laws, governments are authorized to declare formal public emergencies. Where that is done, the powers to collect, use and disclose personal information may be further extended and can be very broad. To understand the impact of such legislation on privacy, one has to read its specific terms. Normal privacy laws apply unless emergency legislation provides otherwise.

If we examine the Personal Information Protection and Electronic Documents Act (PIPEDA) for a moment, notwithstanding both consent requirements that can be found in section 6.1 and Principle 3 in Schedule 1 of PIPEDA, and requirements allowing the collection, use and disclosure of personal information only for purposes that a reasonable person would consider appropriate in the circumstances as seen in subsection 5(3) of PIPEDA, there may be some specific circumstances under which organizations may collect, use, or disclose personal information without the consent of the individual.

Here are a few examples:

  • Section 7(1)(a): the collection of personal information is clearly in the interests of the individual, and consent cannot be obtained in a timely way. For instance, there could be a situation where an individual is critically ill or in a dangerous situation, and needs help
  • Sections 7(2)(b) or 7(3)(e): the use or disclosure of personal information is for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual. For example, there could be a situation where an individual requires urgent medical attention, and they are unable to communicate directly with medical professionals
  • Section 7(3)(d)(i): the disclosure of personal information is made on the initiative of the organization to a government institution, which has reasonable grounds to believe that the information relates to a contravention of the laws of Canada, a province or a foreign jurisdiction that has been, is being, or is about to be committed. For instance, there could be a situation where an organization believes an individual is in contravention of an invoked quarantine order

What does this mean for employers?

It is important to reiterate that, during a public health crisis, privacy laws still apply − but they are not a barrier to appropriate information sharing.

Employers are recommended to review the privacy laws that apply to their organizations and be aware that there may be some provisions that allow for the collection, use or disclosure of individuals’ personal information in public health crises. But as explained above, it is still necessary to communicate to the individuals involved which privacy provisions are being relied upon by organizations that are collecting, using or disclosing the personal information in these circumstances.

  • About
  • Latest Posts
Follow me
Christina Catenacci, BA, LLB, LLM, PhD
Christina Catenacci, BA, LLB, LLM, PhD, is a member of the Law Society of Ontario. Christina worked as an editor with First Reference between 2005 and 2015 working on publications including The Human Resources Advisor (Ontario, Western and Atlantic editions), HRinfodesk, and First Reference Talks blog discussing topics in Canadian Labour and Employment Law. She continues to contribute to First Reference Talks as a regular guest blogger, where she writes on privacy and surveillance topics. Christina has also appeared in the Montreal AI Ethics Institute's AI Brief, International Association of Privacy Professionals’ Privacy Advisor, Tech Policy Press, and Slaw - Canada's online legal magazine.
Follow me
Latest posts by Christina Catenacci, BA, LLB, LLM, PhD (see all)
  • Hefty GDPR fine for Meta - January 20, 2023
  • 2022 report: More data breaches and costs rising - November 1, 2022
  • Bill C-27: a look at proposed AI provisions - August 9, 2022

Article by Christina Catenacci, BA, LLB, LLM, PhD / Health and Safety, Privacy / COVID-19, employment law, pandemic, personal information, privacy laws, public health

Share with a friend or colleague

Get the Latest Posts in your Inbox for Free!

Electronic monitoring

About Christina Catenacci, BA, LLB, LLM, PhD

Christina Catenacci, BA, LLB, LLM, PhD, is a member of the Law Society of Ontario. Christina worked as an editor with First Reference between 2005 and 2015 working on publications including The Human Resources Advisor (Ontario, Western and Atlantic editions), HRinfodesk, and First Reference Talks blog discussing topics in Canadian Labour and Employment Law. She continues to contribute to First Reference Talks as a regular guest blogger, where she writes on privacy and surveillance topics. Christina has also appeared in the Montreal AI Ethics Institute's AI Brief, International Association of Privacy Professionals’ Privacy Advisor, Tech Policy Press, and Slaw - Canada's online legal magazine.

Footer

About us

Established in 1995, First Reference is the leading publisher of up to date, practical and authoritative HR compliance and policy databases that are essential to ensure organizations meet their due diligence and duty of care requirements.

First Reference Talks

  • Home
  • About
  • Archives
  • Resources
  • Buy Policies

Main Menu

  • About First Reference
  • Resources
  • Contact us
  • 1 800 750 8175

Stay Connected

  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

We welcome your comments on our blog articles. However, we do not respond to specific legal questions in this space.
We do not provide any form of legal advice or legal opinion. Please consult a lawyer in your jurisdiction or try one of our products.


Copyright © 2009 - 2023 · First Reference Inc. · All Rights Reserved
Legal and Copyright Notices · Publisher's Disclaimer · Privacy Policy · Accessibility Policy