Commissioner's Overview = 1
Part One ? Report on the Privacy Act = 25
Introduction = 25
Investigations = 26
Complaints under the Privacy Act = 29
Definitions under the Privacy Act = 29
Summary of Select Cases under the Privacy Act = 30
Personal information found in DND dumpster = 30
Personal information destroyed prematurely by HRDC = 31
Concerns regarding release of information about groups by Statistics Canada = 32
New electronic system at National Defence compromised privacy of thousands = 33
Health Canada does not know if it disclosed personal information = 34
Information on vessel licences used to assess sales tax = 35
No standard for disclosure of personal information to doctors = 35
Personal information of refugee claimant disclosed to another claimant = 37
Selection boards and hand-written notes = 37
Personal e-mail not necessarily private = 38
Incidents under the Privacy Act = 40
Opening mail ? right to privacy must be first consideration = 40
Health Canada and its list of would-be marijuana users = 41
Completed firearms licence applications stolen from Justice Canada = 42
Concerns about biometric identification technology = 42
Taxpayer received someone else's refund = 43
Public Interest Disclosures = 43
Privacy Practices and Reviews = 52
Introduction = 52
Personal documents not shredded - Golden West Document Shredding Inc. = 52
Privacy concerns at Canadian Firearms Program = 56
New databank protocol in place following Longitudinal Labour Force File = 58
Reviews = 60
Immigration and Refugee Board, and Canadian Nuclear Safety Commission = 60
In the Courts = 60
Introduction = 60
Recent Decisions = 60
Privacy Commissioner v. Canada Labour Relations Board = 60
Information Commissioner of Canada (Appellant) v. Commissioner of the RCMP (Respondent) and Privacy Commissioner (Intervenor) = 61
Ongoing cases = 62
Traveller Declaration Forms (form E-311) = 62
Privacy Commissioner v. Attorney General of Canada = 62
The Charter Challenge = 63
Clayton Charles Ruby v. Solicitor General = 64
Office of the Commissioner of Official Languages (Appellant) v. Robert Lavigne (Respondent) = 66
Part Two ? Report on the Personal Information Protection and Electronic Documents Act = 67
Introduction = 67
Update on Provincial and Territorial Legislation = 69
Determination of "Substantially Similar" = 69
Consent = 69
Reasonable Person Test = 69
Access and Correction Rights = 69
Oversight = 70
Redress = 70
Legislative initiatives to regulate the private sector = 70
Health Sector = 70
Public Sector Legislation = 71
Investigations = 71
Commissioner's Findings = 72
Video surveillance activities in a public place [Principle 4.3, Schedule 1] = 72
Unsolicited e-mail from an Internet service provider [Principle 4.3, Schedule 1] = 73
Commissioner considers jurisdiction over third-party disclosure by bank subsidiary [section 30] = 74
Bank customer requests credit score information [Principle 4.9, Schedule 1, and section 8] = 75
Personal information retained after application rejected [Principle 4.5, Schedule 1] = 75
Security of a bank's automated telephone service [Principle 4.7, Schedule 1] = 77
Musician objects to collection of salary information by professional organization [section 2] = 78
Use and disclosure of personal information in telephone directories [Principle 4.3, Schedule 1] = 79
Bank teller writes account number on cheque [section 5(3)] = 80
Trucking company collects personal information intended for Canada Customs [Principle 4.4, Schedule 1] = 81
Bank loses customer's personal information [Principle 4.7, Schedule 1, and section 12(2)] = 83
Credit card applicant objects to bank's information-sharing policy = 84
Bank accused on withholding bond certificates [Principle 4.9, Schedule 1; and section 8] = 84
Selling of information on physicians' prescribing patterns [sections 2 and 3] = 85
Estate executor disappointed in search for safety deposit box information [Principles 4.5, 4.9, Schedule 1; and section 8(7)] = 87
Employee alleges non-consensual disclosure by employer to investment firm [section 7(3) and Principles 4.3 and 4.5, Schedule 1] = 88
Requester alleges non-receipt of credit report from agency [section 8] = 89
Airline accused of refusing access to personal information about vacation incidents [Principles 4.1 and 4.9, Schedule 1] = 90
Employee objects to employer's use of bank account number on pay statement [Principles 4.3 and 4.7, Schedule 1] = 91
Company asks for customer's SIN as matter of policy [Principles 4.3.3 and 4.4.1, Schedule 1; and section 5(3)] = 93
User accuses ISP owner of reading and blocking her e-mail [Principle 4.3, Schedule 1] = 94
Employer sends third parties copies of response to employee's access requests [Principles 4.3 and 4.5, Schedule 1; and section 5(3)] = 95
Telephone company demands identification from new subscribers [Principles 4.2, 4.2.3 and 4.3, 4.3.2, 4.3.3 Schedule 1; and section 5(3)] = 97
Broadcaster accused of collecting personal information via Web site [section 2; and Principle 4.3, Schedule 1] = 98
Couple alleges bank withheld loan information [sections 8(3) and 8(5)] = 9
Incidents under PIPED Act
Transportation company collects, discloses passengers' personal information = 101
Web site broadcasts cell phone conversations = 102
Privacy Practices and Reviews = 104
In the Courts = 104
Mathew Englander v. Telus Communications Inc. = 104
Ronald G. Maheu v. The Attorney General of Canada and IMS Health Canada = 105
Communications and Public Education = 106
Public education materials = 106
Advertising = 107
Web Site = 107
Part Three ? Corporate Services = 109
Gearing up for implementation of the private sector Act = 109
Corporate Structure = 112
Part One ? Report on the Privacy Act = 25
Introduction = 25
Investigations = 26
Complaints under the Privacy Act = 29
Definitions under the Privacy Act = 29
Summary of Select Cases under the Privacy Act = 30
Personal information found in DND dumpster = 30
Personal information destroyed prematurely by HRDC = 31
Concerns regarding release of information about groups by Statistics Canada = 32
New electronic system at National Defence compromised privacy of thousands = 33
Health Canada does not know if it disclosed personal information = 34
Information on vessel licences used to assess sales tax = 35
No standard for disclosure of personal information to doctors = 35
Personal information of refugee claimant disclosed to another claimant = 37
Selection boards and hand-written notes = 37
Personal e-mail not necessarily private = 38
Incidents under the Privacy Act = 40
Opening mail ? right to privacy must be first consideration = 40
Health Canada and its list of would-be marijuana users = 41
Completed firearms licence applications stolen from Justice Canada = 42
Concerns about biometric identification technology = 42
Taxpayer received someone else's refund = 43
Public Interest Disclosures = 43
Privacy Practices and Reviews = 52
Introduction = 52
Personal documents not shredded - Golden West Document Shredding Inc. = 52
Privacy concerns at Canadian Firearms Program = 56
New databank protocol in place following Longitudinal Labour Force File = 58
Reviews = 60
Immigration and Refugee Board, and Canadian Nuclear Safety Commission = 60
In the Courts = 60
Introduction = 60
Recent Decisions = 60
Privacy Commissioner v. Canada Labour Relations Board = 60
Information Commissioner of Canada (Appellant) v. Commissioner of the RCMP (Respondent) and Privacy Commissioner (Intervenor) = 61
Ongoing cases = 62
Traveller Declaration Forms (form E-311) = 62
Privacy Commissioner v. Attorney General of Canada = 62
The Charter Challenge = 63
Clayton Charles Ruby v. Solicitor General = 64
Office of the Commissioner of Official Languages (Appellant) v. Robert Lavigne (Respondent) = 66
Part Two ? Report on the Personal Information Protection and Electronic Documents Act = 67
Introduction = 67
Update on Provincial and Territorial Legislation = 69
Determination of "Substantially Similar" = 69
Consent = 69
Reasonable Person Test = 69
Access and Correction Rights = 69
Oversight = 70
Redress = 70
Legislative initiatives to regulate the private sector = 70
Health Sector = 70
Public Sector Legislation = 71
Investigations = 71
Commissioner's Findings = 72
Video surveillance activities in a public place [Principle 4.3, Schedule 1] = 72
Unsolicited e-mail from an Internet service provider [Principle 4.3, Schedule 1] = 73
Commissioner considers jurisdiction over third-party disclosure by bank subsidiary [section 30] = 74
Bank customer requests credit score information [Principle 4.9, Schedule 1, and section 8] = 75
Personal information retained after application rejected [Principle 4.5, Schedule 1] = 75
Security of a bank's automated telephone service [Principle 4.7, Schedule 1] = 77
Musician objects to collection of salary information by professional organization [section 2] = 78
Use and disclosure of personal information in telephone directories [Principle 4.3, Schedule 1] = 79
Bank teller writes account number on cheque [section 5(3)] = 80
Trucking company collects personal information intended for Canada Customs [Principle 4.4, Schedule 1] = 81
Bank loses customer's personal information [Principle 4.7, Schedule 1, and section 12(2)] = 83
Credit card applicant objects to bank's information-sharing policy = 84
Bank accused on withholding bond certificates [Principle 4.9, Schedule 1; and section 8] = 84
Selling of information on physicians' prescribing patterns [sections 2 and 3] = 85
Estate executor disappointed in search for safety deposit box information [Principles 4.5, 4.9, Schedule 1; and section 8(7)] = 87
Employee alleges non-consensual disclosure by employer to investment firm [section 7(3) and Principles 4.3 and 4.5, Schedule 1] = 88
Requester alleges non-receipt of credit report from agency [section 8] = 89
Airline accused of refusing access to personal information about vacation incidents [Principles 4.1 and 4.9, Schedule 1] = 90
Employee objects to employer's use of bank account number on pay statement [Principles 4.3 and 4.7, Schedule 1] = 91
Company asks for customer's SIN as matter of policy [Principles 4.3.3 and 4.4.1, Schedule 1; and section 5(3)] = 93
User accuses ISP owner of reading and blocking her e-mail [Principle 4.3, Schedule 1] = 94
Employer sends third parties copies of response to employee's access requests [Principles 4.3 and 4.5, Schedule 1; and section 5(3)] = 95
Telephone company demands identification from new subscribers [Principles 4.2, 4.2.3 and 4.3, 4.3.2, 4.3.3 Schedule 1; and section 5(3)] = 97
Broadcaster accused of collecting personal information via Web site [section 2; and Principle 4.3, Schedule 1] = 98
Couple alleges bank withheld loan information [sections 8(3) and 8(5)] = 9
Incidents under PIPED Act
Transportation company collects, discloses passengers' personal information = 101
Web site broadcasts cell phone conversations = 102
Privacy Practices and Reviews = 104
In the Courts = 104
Mathew Englander v. Telus Communications Inc. = 104
Ronald G. Maheu v. The Attorney General of Canada and IMS Health Canada = 105
Communications and Public Education = 106
Public education materials = 106
Advertising = 107
Web Site = 107
Part Three ? Corporate Services = 109
Gearing up for implementation of the private sector Act = 109
Corporate Structure = 112