First Reference Talks

Discussions on Human Resources, Employment Law and Payroll

You are here: Home / Human Resources / Privacy Commissioner of Canada releases guidance on privacy and the COVID-19 outbreak

By | 3 Minutes Read

Privacy Commissioner of Canada releases guidance on privacy and the COVID-19 outbreak

privacy

On March 20, 2020, the Office of the Privacy Commissioner of Canada issued guidance to help organizations subject to federal privacy laws understand their privacy-related obligations during the COVID-19 outbreak. The assistance comes as the outbreak raises questions about privacy issues during a pandemic.

The main message is that, during a public health crisis, privacy laws still apply − but they are not a barrier to appropriate information sharing.

Essentially, the Office of the Privacy Commissioner states that, though there may be certain privacy provisions that authorize the collection, use and disclosure of personal information in a public health crisis, it is still necessary to communicate to the persons involved the specific legislative authority that is being relied upon (exactly what provisions) when collecting, using or disclosing the personal information.

Moreover, the Office of the Privacy Commissioner states:

Public health situations are sometimes referred to as emergencies. Under both federal and provincial laws, governments are authorized to declare formal public emergencies. Where that is done, the powers to collect, use and disclose personal information may be further extended and can be very broad. To understand the impact of such legislation on privacy, one has to read its specific terms. Normal privacy laws apply unless emergency legislation provides otherwise.

If we examine the Personal Information Protection and Electronic Documents Act (PIPEDA) for a moment, notwithstanding both consent requirements that can be found in section 6.1 and Principle 3 in Schedule 1 of PIPEDA, and requirements allowing the collection, use and disclosure of personal information only for purposes that a reasonable person would consider appropriate in the circumstances as seen in subsection 5(3) of PIPEDA, there may be some specific circumstances under which organizations may collect, use, or disclose personal information without the consent of the individual.

Here are a few examples:

  • Section 7(1)(a): the collection of personal information is clearly in the interests of the individual, and consent cannot be obtained in a timely way. For instance, there could be a situation where an individual is critically ill or in a dangerous situation, and needs help
  • Sections 7(2)(b) or 7(3)(e): the use or disclosure of personal information is for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual. For example, there could be a situation where an individual requires urgent medical attention, and they are unable to communicate directly with medical professionals
  • Section 7(3)(d)(i): the disclosure of personal information is made on the initiative of the organization to a government institution, which has reasonable grounds to believe that the information relates to a contravention of the laws of Canada, a province or a foreign jurisdiction that has been, is being, or is about to be committed. For instance, there could be a situation where an organization believes an individual is in contravention of an invoked quarantine order

What does this mean for employers?

It is important to reiterate that, during a public health crisis, privacy laws still apply − but they are not a barrier to appropriate information sharing.

Employers are recommended to review the privacy laws that apply to their organizations and be aware that there may be some provisions that allow for the collection, use or disclosure of individuals’ personal information in public health crises. But as explained above, it is still necessary to communicate to the individuals involved which privacy provisions are being relied upon by organizations that are collecting, using or disclosing the personal information in these circumstances.

Follow me

Christina Catenacci

Christina Catenacci, BA, LLB, LLM, was called to the Ontario Bar in 2002 and has since been a member of the Ontario Bar Association. Christina worked as an editor with First Reference between February 2005 and August 2015, working on publications including The Human Resources Advisor (Ontario, Western and Atlantic editions), HRinfodesk discussing topics in Labour and Employment Law. Christina has decided to pursue a PhD at the University of Western Ontario beginning in the fall of 2015. Read more
Follow me

Latest posts by Christina Catenacci (see all)

Share with a friend or colleague

Get the Latest Posts in your Inbox for Free!

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,665 other subscribers

Manage Policies, Manage Risks!

No credit card, no obligation!

Free Sign Up

Recommended for you

Leave a Reply

Your email address will not be published. Required fields are marked *

About us

Established in 1995, First Reference Inc. (known as La Référence in Quebec) provides Canadian organizations of any size with practical and authoritative resources to help ensure compliance.

Main Menu

Stay Connected