compliance

2025-08-23 03:12:04 -04:00
parent be6fa71850
commit 3255bf40e7
8 changed files with 355 additions and 160 deletions

Binary file not shown.

Binary file not shown.

View File

@@ -337,14 +337,14 @@ applicable statutory deductions.</p>
<section id="statistics-canada">
<h2><span class="section-number">2.5. </span>Statistics Canada<a class="headerlink" href="#statistics-canada" title="Link to this heading"></a></h2>
<p>Statistics Canada produces statistics that help Canadians better understand their country—its
population, resources, economy, society and culture.
In Canada, providing statistics is a federal responsibility. As Canadas central statistical
population, resources, economy, society and culture.</p>
<p>In Canada, providing statistics is a federal responsibility. As Canadas central statistical
agency, Statistics Canada is legislated under the Statistics Act to serve this function for the
whole of Canada and each of the provinces/territories.
Objective statistical information is vital to an open and democratic society. It provides a solid
whole of Canada and each of the provinces/territories.</p>
<p>Objective statistical information is vital to an open and democratic society. It provides a solid
foundation for informed decisions by elected representatives, businesses, unions and non-
profit organizations, as well as individual Canadians.
Statistics Canada is committed to protecting the confidentiality of all information entrusted to
profit organizations, as well as individual Canadians.</p>
<p>Statistics Canada is committed to protecting the confidentiality of all information entrusted to
them and to ensure that the information delivered is timely and relevant to Canadians.</p>
</section>
<section id="personal-privacy">
@@ -353,19 +353,19 @@ them and to ensure that the information delivered is timely and relevant to Cana
limits on the collection, use or disclosure of personal information. Private sector privacy laws
in Canada currently only cover the employee personal information of employees that work
for federally regulated companies or who are located in one of the four provinces with
provincial private sector privacy laws: Alberta, British Columbia, Manitoba and Québec1.
Public sector employees have some privacy protection under all jurisdictions except Ontario
provincial private sector privacy laws: Alberta, British Columbia, Manitoba and Québec.</p>
<p>Public sector employees have some privacy protection under all jurisdictions except Ontario
which excludes employee information from its public sector privacy legislation. Employees
who are covered by a collective agreement also have statutory privacy protection based on
arbitral jurisprudence and their particular collective agreement. Therefore, approximately
half of workers in Canada have privacy rights backed by legislation, while the remaining
50% of the countrys more than 20 million or so workers have privacy rights that are either
voluntarily set in place by employers who have developed employee privacy codes or have
privacy rights because they have a collective agreement in place.
Employers should also be aware that egregious violations of privacy may open them up to
privacy rights because they have a collective agreement in place.</p>
<p>Employers should also be aware that egregious violations of privacy may open them up to
civil damages, including class action lawsuits. Legislatures and the courts are recognizing
privacy rights and providing opportunities for civil remedies.
In drawing up its legislation for the protection of personal information, the Canadian
privacy rights and providing opportunities for civil remedies.</p>
<p>In drawing up its legislation for the protection of personal information, the Canadian
government based its privacy provisions on a set of guidelines that had been developed by
the Canadian Standards Association in its Model Code for the Protection of Personal
Information.</p>
@@ -375,40 +375,57 @@ Information.</p>
developed with input from organizations, governments, consumer associations and other
privacy stakeholders. They are incorporated in Federal private sector privacy legislation and
have become the generally accepted framework for evaluating privacy processes and systems
in Canada2.
Principle 1. Accountability
An organization is responsible for personal information under its control and shall designate
in Canada.</p>
<section id="principle-1-accountability">
<h4><span class="section-number">2.6.1.1. </span>Principle 1. Accountability<a class="headerlink" href="#principle-1-accountability" title="Link to this heading"></a></h4>
<p>An organization is responsible for personal information under its control and shall designate
an individual or individuals to be accountable for the organizations compliance with the
following principles.
Principle 2. Identifying Purposes
The purposes for which personal information is collected shall be identified by the
organization at or before the time the information is collected.
Principle 3. Consent
The knowledge and consent of the individual are required for the collection, use, or
following principles.</p>
</section>
<section id="principle-2-identifying-purposes">
<h4><span class="section-number">2.6.1.2. </span>Principle 2. Identifying Purposes<a class="headerlink" href="#principle-2-identifying-purposes" title="Link to this heading"></a></h4>
<p>The purposes for which personal information is collected shall be identified by the
organization at or before the time the information is collected.</p>
</section>
<section id="principle-3-consent">
<h4><span class="section-number">2.6.1.3. </span>Principle 3. Consent<a class="headerlink" href="#principle-3-consent" title="Link to this heading"></a></h4>
<p>The knowledge and consent of the individual are required for the collection, use, or
disclosure of personal information, except where inappropriate. Note: In certain
circumstances, personal information can be collected, used, or disclosed without the
knowledge and consent of the individual. For example, legal, medical, or security reasons
may make it impossible or impractical to seek consent.
Principle 4. Limiting Collection
The collection of personal information shall be limited to that which is necessary for the
may make it impossible or impractical to seek consent.</p>
</section>
<section id="principle-4-limiting-collection">
<h4><span class="section-number">2.6.1.4. </span>Principle 4. Limiting Collection<a class="headerlink" href="#principle-4-limiting-collection" title="Link to this heading"></a></h4>
<p>The collection of personal information shall be limited to that which is necessary for the
purposes identified by the organization. Information shall be collected by fair and lawful
means.
Principle 5. Limiting Use, Disclosure, and Retention
Personal information shall not be used or disclosed for purposes other than those for which it
means.</p>
</section>
<section id="principle-5-limiting-use-disclosure-and-retention">
<h4><span class="section-number">2.6.1.5. </span>Principle 5. Limiting Use, Disclosure, and Retention<a class="headerlink" href="#principle-5-limiting-use-disclosure-and-retention" title="Link to this heading"></a></h4>
<p>Personal information shall not be used or disclosed for purposes other than those for which it
was collected, except with the consent of the individual or as required by law. Personal
information shall be retained only as long as is necessary for the fulfillment of those
purposes.
Principle 6. Accuracy
Personal information shall be as accurate, complete, and up-to-date as is necessary for the
purposes for which it is to be used.
Principle 7. Safeguards
Personal information shall be protected by security safeguards appropriate to the sensitivity
of the information.
Principle 8. Openness
An organization shall make readily available to individuals specific information about its
policies and practices relating to the management of personal information.
Principle 9. Individual Access
Upon request, an individual shall be informed of the existence, use and disclosure of his or
purposes.</p>
</section>
<section id="principle-6-accuracy">
<h4><span class="section-number">2.6.1.6. </span>Principle 6. Accuracy<a class="headerlink" href="#principle-6-accuracy" title="Link to this heading"></a></h4>
<p>Personal information shall be as accurate, complete, and up-to-date as is necessary for the
purposes for which it is to be used.</p>
</section>
<section id="principle-7-safeguards">
<h4><span class="section-number">2.6.1.7. </span>Principle 7. Safeguards<a class="headerlink" href="#principle-7-safeguards" title="Link to this heading"></a></h4>
<p>Personal information shall be protected by security safeguards appropriate to the sensitivity
of the information.</p>
</section>
<section id="principle-8-openness">
<h4><span class="section-number">2.6.1.8. </span>Principle 8. Openness<a class="headerlink" href="#principle-8-openness" title="Link to this heading"></a></h4>
<p>An organization shall make readily available to individuals specific information about its
policies and practices relating to the management of personal information.</p>
</section>
<section id="principle-9-individual-access">
<h4><span class="section-number">2.6.1.9. </span>Principle 9. Individual Access<a class="headerlink" href="#principle-9-individual-access" title="Link to this heading"></a></h4>
<p>Upon request, an individual shall be informed of the existence, use and disclosure of his or
her personal information and shall be given access to that information. An individual shall be
able to challenge the accuracy and completeness of the information and have it amended as
appropriate. In certain situations, an organization may not be able to provide access to all the
@@ -418,15 +435,16 @@ individual upon request. Exceptions may include information that is prohibitivel
provide, information that contains references to other individuals, information that cannot be
disclosed for legal, security, or commercial proprietary reasons, and information that is
subject to solicitor-client or litigation privilege.</p>
</section>
<section id="principle-10-challenging-compliance">
<h4><span class="section-number">2.6.1.1. </span>Principle 10. Challenging Compliance<a class="headerlink" href="#principle-10-challenging-compliance" title="Link to this heading"></a></h4>
<h4><span class="section-number">2.6.1.10. </span>Principle 10. Challenging Compliance<a class="headerlink" href="#principle-10-challenging-compliance" title="Link to this heading"></a></h4>
<p>An individual shall be able to address a challenge concerning compliance with the above
principles to the designated individual or individuals accountable for the organizations
compliance.</p>
</section>
</section>
<section id="the-personal-information-protection-and-electronic-documents-act-pipeda">
<h3><span class="section-number">2.6.2. </span>The Personal Information Protection and Electronic Documents Act (PIPEDA)<a class="headerlink" href="#the-personal-information-protection-and-electronic-documents-act-pipeda" title="Link to this heading"></a></h3>
<section id="pipeda">
<h3><span class="section-number">2.6.2. </span>PIPEDA<a class="headerlink" href="#pipeda" title="Link to this heading"></a></h3>
<p>The federal government drew upon the CSA Privacy Principles in its drafting of the federal
Personal Information Protection and Electronic Documents Act (PIPEDA) and the spirit and
much of the wording of the principles can be found throughout PIPEDA.</p>
@@ -456,13 +474,14 @@ employees, or terminated employees to collect, use, and disclose information abo
person where the information is necessary for the creation, maintenance, and termination of
the employment relationship. It is, however, the case that the employer will provide notice to
the employee so that they are knowledgeable with respect to the information that the
employer collects, uses, and discloses.
This notice should be provided to prospective employees as part of the recruitment process
employer collects, uses, and discloses.</p>
<p>This notice should be provided to prospective employees as part of the recruitment process
and also as part of the on-boarding process. In addition, if there are changes to personal data
practices for employee information, employees should be informed about such changes in a
timely manner.</p>
</div>
<p><strong>Consent</strong></p>
<section id="consent">
<h4><span class="section-number">2.6.2.1. </span>Consent<a class="headerlink" href="#consent" title="Link to this heading"></a></h4>
<p>According to PIPEDA, employers must obtain an employees consent before they collect
personal information where that information is not required for the employment relationship.
Further, the information collected must be for a specific purpose and must be destroyed once
@@ -484,7 +503,9 @@ information. It is critical for those working in payroll to be aware of the requ
privacy legislation that applies to their employees and to have the necessary procedures in
place to comply with the legislation. If an employee chooses not to disclose the information
and is not required to do so by law, an employer cannot force an employee to divulge it.</p>
<p><strong>Exceptions to Consent Requirement</strong></p>
</section>
<section id="exceptions-to-consent-requirement">
<h4><span class="section-number">2.6.2.2. </span>Exceptions to Consent Requirement<a class="headerlink" href="#exceptions-to-consent-requirement" title="Link to this heading"></a></h4>
<p>Subparagraph 7(3) of the Personal Information Protection and Electronic Documents Act
(Bill C6) allows an employer to disclose personal information without the knowledge or
consent of the individual if the disclosure is made to a government institution which has
@@ -504,8 +525,10 @@ employment relationship between the federal work, undertaking or business and th
individual; and
(b) the federal work, undertaking or business has informed the individual that the personal
information will be or may be collected, used or disclosed for those purposes”.</p>
<p>Use and Storage of Personal Information
According to PIPEDA, organizations can only use information for the purpose for which it
</section>
<section id="use-and-storage-of-personal-information">
<h4><span class="section-number">2.6.2.3. </span>Use and Storage of Personal Information<a class="headerlink" href="#use-and-storage-of-personal-information" title="Link to this heading"></a></h4>
<p>According to PIPEDA, organizations can only use information for the purpose for which it
was collected. Employers must fully disclose in writing to the employee the reasons why
they require the information, as well as what will be done with it.</p>
<p>Personal information must not be disclosed to external stakeholders without the employees
@@ -517,8 +540,10 @@ to comply with employment/labour standards or human rights legislation. For exam
accommodate an employee for religious days and holidays, an employer needs to know about
the employees religious beliefs. To seek out this type of information for any other reason
invades the individuals right to privacy.</p>
<p>Limitations on Use - the Social Insurance Number example
The purpose of a social insurance number (SIN) is to identify an individual for specific
</section>
<section id="limitations-on-use-the-social-insurance-number-example">
<h4><span class="section-number">2.6.2.4. </span>Limitations on Use - the Social Insurance Number example<a class="headerlink" href="#limitations-on-use-the-social-insurance-number-example" title="Link to this heading"></a></h4>
<p>The purpose of a social insurance number (SIN) is to identify an individual for specific
government programs. This information may not be collected, stored, used or disclosed for
any other purpose without the employees consent. Where the SIN is to be used for purposes
of identification, an organization must provide a convenient method for the employee to
@@ -535,6 +560,7 @@ They should not be used as an identifier by any organization other than the gove
agencies mentioned above, unless the employee provides written consent to do so.</p>
</section>
</section>
</section>
<section id="pension-benefits-standards-act">
<h2><span class="section-number">2.7. </span>Pension Benefits Standards Act<a class="headerlink" href="#pension-benefits-standards-act" title="Link to this heading"></a></h2>
</section>
@@ -689,10 +715,25 @@ in your organizations privacy policy.</p>
<li><a class="reference internal" href="#statistics-canada">2.5. Statistics Canada</a></li>
<li><a class="reference internal" href="#personal-privacy">2.6. Personal Privacy</a><ul>
<li><a class="reference internal" href="#the-privacy-principles">2.6.1. The Privacy Principles</a><ul>
<li><a class="reference internal" href="#principle-10-challenging-compliance">2.6.1.1. Principle 10. Challenging Compliance</a></li>
<li><a class="reference internal" href="#principle-1-accountability">2.6.1.1. Principle 1. Accountability</a></li>
<li><a class="reference internal" href="#principle-2-identifying-purposes">2.6.1.2. Principle 2. Identifying Purposes</a></li>
<li><a class="reference internal" href="#principle-3-consent">2.6.1.3. Principle 3. Consent</a></li>
<li><a class="reference internal" href="#principle-4-limiting-collection">2.6.1.4. Principle 4. Limiting Collection</a></li>
<li><a class="reference internal" href="#principle-5-limiting-use-disclosure-and-retention">2.6.1.5. Principle 5. Limiting Use, Disclosure, and Retention</a></li>
<li><a class="reference internal" href="#principle-6-accuracy">2.6.1.6. Principle 6. Accuracy</a></li>
<li><a class="reference internal" href="#principle-7-safeguards">2.6.1.7. Principle 7. Safeguards</a></li>
<li><a class="reference internal" href="#principle-8-openness">2.6.1.8. Principle 8. Openness</a></li>
<li><a class="reference internal" href="#principle-9-individual-access">2.6.1.9. Principle 9. Individual Access</a></li>
<li><a class="reference internal" href="#principle-10-challenging-compliance">2.6.1.10. Principle 10. Challenging Compliance</a></li>
</ul>
</li>
<li><a class="reference internal" href="#pipeda">2.6.2. PIPEDA</a><ul>
<li><a class="reference internal" href="#consent">2.6.2.1. Consent</a></li>
<li><a class="reference internal" href="#exceptions-to-consent-requirement">2.6.2.2. Exceptions to Consent Requirement</a></li>
<li><a class="reference internal" href="#use-and-storage-of-personal-information">2.6.2.3. Use and Storage of Personal Information</a></li>
<li><a class="reference internal" href="#limitations-on-use-the-social-insurance-number-example">2.6.2.4. Limitations on Use - the Social Insurance Number example</a></li>
</ul>
</li>
<li><a class="reference internal" href="#the-personal-information-protection-and-electronic-documents-act-pipeda">2.6.2. The Personal Information Protection and Electronic Documents Act (PIPEDA)</a></li>
</ul>
</li>
<li><a class="reference internal" href="#pension-benefits-standards-act">2.7. Pension Benefits Standards Act</a></li>

View File

@@ -312,12 +312,15 @@ Statistics Canada
~~~~~~~~~~~~~~~~~~~~~
Statistics Canada produces statistics that help Canadians better understand their country—its
population, resources, economy, society and culture.
In Canada, providing statistics is a federal responsibility. As Canadas central statistical
In Canada, providing statistics is a federal responsibility. As Canada's central statistical
agency, Statistics Canada is legislated under the Statistics Act to serve this function for the
whole of Canada and each of the provinces/territories.
Objective statistical information is vital to an open and democratic society. It provides a solid
foundation for informed decisions by elected representatives, businesses, unions and non-
profit organizations, as well as individual Canadians.
Statistics Canada is committed to protecting the confidentiality of all information entrusted to
them and to ensure that the information delivered is timely and relevant to Canadians.
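Review bot: the split "non-" / "profit organizations" is left untouched while this hunk reflows the paragraphs around it, so the rendered page reads "non- profit organizations". Join it as "non-profit" on a single line. In the last sentence, "committed to protecting ... and to ensure" mixes two constructions; "and to ensuring" would match.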
@@ -327,18 +330,21 @@ The Canadian federal government and all provincial governments have legislation
limits on the collection, use or disclosure of personal information. Private sector privacy laws
in Canada currently only cover the employee personal information of employees that work
for federally regulated companies or who are located in one of the four provinces with
provincial private sector privacy laws: Alberta, British Columbia, Manitoba and Québec1.
provincial private sector privacy laws: Alberta, British Columbia, Manitoba and Québec.
Public sector employees have some privacy protection under all jurisdictions except Ontario
which excludes employee information from its public sector privacy legislation. Employees
who are covered by a collective agreement also have statutory privacy protection based on
arbitral jurisprudence and their particular collective agreement. Therefore, approximately
half of workers in Canada have privacy rights backed by legislation, while the remaining
50% of the countrys more than 20 million or so workers have privacy rights that are either
50% of the country's more than 20 million or so workers have privacy rights that are either
voluntarily set in place by employers who have developed employee privacy codes or have
privacy rights because they have a collective agreement in place.
Employers should also be aware that egregious violations of privacy may open them up to
civil damages, including class action lawsuits. Legislatures and the courts are recognizing
privacy rights and providing opportunities for civil remedies.
In drawing up its legislation for the protection of personal information, the Canadian
government based its privacy provisions on a set of guidelines that had been developed by
the Canadian Standards Association in its Model Code for the Protection of Personal
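Review bot: on the line ending "Manitoba and Québec1." the trailing "1" looks like a footnote marker, and the change deletes it instead of carrying the reference over, so the statement about the four provinces loses its source. If the footnote text is available in the original material, restore it as a reST footnote ([#]_ in the sentence with a matching .. [#] entry) rather than dropping it. The context line "cover the employee personal information of employees" is also redundant and could be tightened while this paragraph is being touched.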
@@ -351,39 +357,65 @@ The Canadian Standards Association (CSA) Model Code is a set of principles that
developed with input from organizations, governments, consumer associations and other
privacy stakeholders. They are incorporated in Federal private sector privacy legislation and
have become the generally accepted framework for evaluating privacy processes and systems
in Canada2.
in Canada.
Principle 1. Accountability
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
An organization is responsible for personal information under its control and shall designate
an individual or individuals to be accountable for the organization's compliance with the
following principles.
Principle 2. Identifying Purposes
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The purposes for which personal information is collected shall be identified by the
organization at or before the time the information is collected.
Principle 3. Consent
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The knowledge and consent of the individual are required for the collection, use, or
disclosure of personal information, except where inappropriate. Note: In certain
circumstances, personal information can be collected, used, or disclosed without the
knowledge and consent of the individual. For example, legal, medical, or security reasons
may make it impossible or impractical to seek consent.
Principle 4. Limiting Collection
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The collection of personal information shall be limited to that which is necessary for the
purposes identified by the organization. Information shall be collected by fair and lawful
means.
Principle 5. Limiting Use, Disclosure, and Retention
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Personal information shall not be used or disclosed for purposes other than those for which it
was collected, except with the consent of the individual or as required by law. Personal
information shall be retained only as long as is necessary for the fulfillment of those
purposes.
Principle 6. Accuracy
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Personal information shall be as accurate, complete, and up-to-date as is necessary for the
purposes for which it is to be used.
Principle 7. Safeguards
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Personal information shall be protected by security safeguards appropriate to the sensitivity
of the information.
Principle 8. Openness
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
An organization shall make readily available to individuals specific information about its
policies and practices relating to the management of personal information.
Principle 9. Individual Access
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Upon request, an individual shall be informed of the existence, use and disclosure of his or
her personal information and shall be given access to that information. An individual shall be
able to challenge the accuracy and completeness of the information and have it amended as
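Review bot: in Principle 3 the sentence starting "Note: In certain circumstances" stays inline in the body paragraph even though each principle now has its own heading; a `.. note::` directive would separate it from the principle text. The "in Canada2." marker at the top of this hunk is removed without a replacement as well, so the point about the lost footnote reference applies here too.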
@@ -402,7 +434,7 @@ An individual shall be able to address a challenge concerning compliance with th
principles to the designated individual or individuals accountable for the organization's
compliance.
The Personal Information Protection and Electronic Documents Act (PIPEDA)
PIPEDA
--------------------------------------------------------------------------
The federal government drew upon the CSA Privacy Principles in its drafting of the federal
Personal Information Protection and Electronic Documents Act (PIPEDA) and the spirit and
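Review bot: shortening the heading to "PIPEDA" also changes the generated anchor from #the-personal-information-protection-and-electronic-documents-act-pipeda to #pipeda, as the HTML hunks in this commit show, so existing links and bookmarks to the old fragment stop resolving. Add an explicit target with the old name above the heading to keep it reachable. The underline left over from the long title is still valid reST but can be trimmed to the new title length.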
@@ -439,12 +471,14 @@ plans that require the collection of even greater amounts of personal data.
the employment relationship. It is, however, the case that the employer will provide notice to
the employee so that they are knowledgeable with respect to the information that the
employer collects, uses, and discloses.
This notice should be provided to prospective employees as part of the recruitment process
and also as part of the on-boarding process. In addition, if there are changes to personal data
practices for employee information, employees should be informed about such changes in a
timely manner.
**Consent**
Consent
^^^^^^^^
According to PIPEDA, employers must obtain an employee's consent before they collect
personal information where that information is not required for the employment relationship.
@@ -472,7 +506,8 @@ privacy legislation that applies to their employees and to have the necessary pr
place to comply with the legislation. If an employee chooses not to disclose the information
and is not required to do so by law, an employer cannot force an employee to divulge it.
**Exceptions to Consent Requirement**
Exceptions to Consent Requirement
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Subparagraph 7(3) of the Personal Information Protection and Electronic Documents Act
(Bill C6) allows an employer to disclose personal information without the knowledge or
@@ -497,6 +532,8 @@ individual; and
information will be or may be collected, used or disclosed for those purposes”.
Use and Storage of Personal Information
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
According to PIPEDA, organizations can only use information for the purpose for which it
was collected. Employers must fully disclose in writing to the employee the reasons why
they require the information, as well as what will be done with it.
@@ -513,6 +550,8 @@ the employee's religious beliefs. To seek out this type of information for any o
invades the individual's right to privacy.
Limitations on Use - the Social Insurance Number example
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The purpose of a social insurance number (SIN) is to identify an individual for specific
government programs. This information may not be collected, stored, used or disclosed for
any other purpose without the employee's consent. Where the SIN is to be used for purposes

View File

@@ -85,7 +85,7 @@ to confidently perform essential payroll functions encountered in day-to-day ope
<li class="toctree-l2"><a class="reference internal" href="2_compliance.html#statistics-canada">2.5. Statistics Canada</a></li>
<li class="toctree-l2"><a class="reference internal" href="2_compliance.html#personal-privacy">2.6. Personal Privacy</a><ul>
<li class="toctree-l3"><a class="reference internal" href="2_compliance.html#the-privacy-principles">2.6.1. The Privacy Principles</a></li>
<li class="toctree-l3"><a class="reference internal" href="2_compliance.html#the-personal-information-protection-and-electronic-documents-act-pipeda">2.6.2. The Personal Information Protection and Electronic Documents Act (PIPEDA)</a></li>
<li class="toctree-l3"><a class="reference internal" href="2_compliance.html#pipeda">2.6.2. PIPEDA</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="2_compliance.html#pension-benefits-standards-act">2.7. Pension Benefits Standards Act</a></li>

File diff suppressed because one or more lines are too long

View File

@@ -1,4 +1,4 @@
# Sphinx build info version 1
# This file records the configuration used when building these files. When it is not found, a full rebuild will be done.
config: 764301d1f33bee9d180cae81411c038c
config: 05adfde78bb1ac24db87a63557140a07
tags: 62a1e7829a13fc7881b6498c52484ec0
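Review bot: this is generated build output (the file header says it records the configuration used for the build), and tracking it produces a diff on every rebuild with no reviewable content. The changed "config:" hash means this build ran with a different configuration than the previous one, which the commit title "compliance" does not mention; confirm that is intended. Consider excluding the build directory, including this file and the two binary files, from version control and committing only the sources.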

View File

@@ -211,8 +211,8 @@
</a>
</li>
<li class="toctree-l3">
<a class="reference internal" href="#the-personal-information-protection-and-electronic-documents-act-pipeda">
2.6.2. The Personal Information Protection and Electronic Documents Act (PIPEDA)
<a class="reference internal" href="#pipeda">
2.6.2. PIPEDA
</a>
</li>
</ul>
@@ -2024,12 +2024,18 @@ applicable statutory deductions.
<p>
Statistics Canada produces statistics that help Canadians better understand their country&mdash;its
population, resources, economy, society and culture.
</p>
<p>
In Canada, providing statistics is a federal responsibility. As Canada&rsquo;s central statistical
agency, Statistics Canada is legislated under the Statistics Act to serve this function for the
whole of Canada and each of the provinces/territories.
</p>
<p>
Objective statistical information is vital to an open and democratic society. It provides a solid
foundation for informed decisions by elected representatives, businesses, unions and non-
profit organizations, as well as individual Canadians.
</p>
<p>
Statistics Canada is committed to protecting the confidentiality of all information entrusted to
them and to ensure that the information delivered is timely and relevant to Canadians.
</p>
@@ -2046,7 +2052,9 @@ them and to ensure that the information delivered is timely and relevant to Cana
limits on the collection, use or disclosure of personal information. Private sector privacy laws
in Canada currently only cover the employee personal information of employees that work
for federally regulated companies or who are located in one of the four provinces with
provincial private sector privacy laws: Alberta, British Columbia, Manitoba and Qu&eacute;bec1.
provincial private sector privacy laws: Alberta, British Columbia, Manitoba and Qu&eacute;bec.
</p>
<p>
Public sector employees have some privacy protection under all jurisdictions except Ontario
which excludes employee information from its public sector privacy legislation. Employees
who are covered by a collective agreement also have statutory privacy protection based on
@@ -2055,9 +2063,13 @@ half of workers in Canada have privacy rights backed by legislation, while the r
50% of the country&rsquo;s more than 20 million or so workers have privacy rights that are either
voluntarily set in place by employers who have developed employee privacy codes or have
privacy rights because they have a collective agreement in place.
</p>
<p>
Employers should also be aware that egregious violations of privacy may open them up to
civil damages, including class action lawsuits. Legislatures and the courts are recognizing
privacy rights and providing opportunities for civil remedies.
</p>
<p>
In drawing up its legislation for the protection of personal information, the Canadian
government based its privacy provisions on a set of guidelines that had been developed by
the Canadian Standards Association in its Model Code for the Protection of Personal
@@ -2075,39 +2087,119 @@ Information.
developed with input from organizations, governments, consumer associations and other
privacy stakeholders. They are incorporated in Federal private sector privacy legislation and
have become the generally accepted framework for evaluating privacy processes and systems
in Canada2.
in Canada.
</p>
<section id="principle-1-accountability">
<h5>
Principle 1. Accountability
<a class="headerlink" href="#principle-1-accountability" title="Link to this heading">
&para;
</a>
</h5>
<p>
An organization is responsible for personal information under its control and shall designate
an individual or individuals to be accountable for the organization&rsquo;s compliance with the
following principles.
</p>
</section>
<section id="principle-2-identifying-purposes">
<h5>
Principle 2. Identifying Purposes
<a class="headerlink" href="#principle-2-identifying-purposes" title="Link to this heading">
&para;
</a>
</h5>
<p>
The purposes for which personal information is collected shall be identified by the
organization at or before the time the information is collected.
</p>
</section>
<section id="principle-3-consent">
<h5>
Principle 3. Consent
<a class="headerlink" href="#principle-3-consent" title="Link to this heading">
&para;
</a>
</h5>
<p>
The knowledge and consent of the individual are required for the collection, use, or
disclosure of personal information, except where inappropriate. Note: In certain
circumstances, personal information can be collected, used, or disclosed without the
knowledge and consent of the individual. For example, legal, medical, or security reasons
may make it impossible or impractical to seek consent.
</p>
</section>
<section id="principle-4-limiting-collection">
<h5>
Principle 4. Limiting Collection
<a class="headerlink" href="#principle-4-limiting-collection" title="Link to this heading">
&para;
</a>
</h5>
<p>
The collection of personal information shall be limited to that which is necessary for the
purposes identified by the organization. Information shall be collected by fair and lawful
means.
</p>
</section>
<section id="principle-5-limiting-use-disclosure-and-retention">
<h5>
Principle 5. Limiting Use, Disclosure, and Retention
<a class="headerlink" href="#principle-5-limiting-use-disclosure-and-retention" title="Link to this heading">
&para;
</a>
</h5>
<p>
Personal information shall not be used or disclosed for purposes other than those for which it
was collected, except with the consent of the individual or as required by law. Personal
information shall be retained only as long as is necessary for the fulfillment of those
purposes.
</p>
</section>
<section id="principle-6-accuracy">
<h5>
Principle 6. Accuracy
<a class="headerlink" href="#principle-6-accuracy" title="Link to this heading">
&para;
</a>
</h5>
<p>
Personal information shall be as accurate, complete, and up-to-date as is necessary for the
purposes for which it is to be used.
</p>
</section>
<section id="principle-7-safeguards">
<h5>
Principle 7. Safeguards
<a class="headerlink" href="#principle-7-safeguards" title="Link to this heading">
&para;
</a>
</h5>
<p>
Personal information shall be protected by security safeguards appropriate to the sensitivity
of the information.
</p>
</section>
<section id="principle-8-openness">
<h5>
Principle 8. Openness
<a class="headerlink" href="#principle-8-openness" title="Link to this heading">
&para;
</a>
</h5>
<p>
An organization shall make readily available to individuals specific information about its
policies and practices relating to the management of personal information.
</p>
</section>
<section id="principle-9-individual-access">
<h5>
Principle 9. Individual Access
<a class="headerlink" href="#principle-9-individual-access" title="Link to this heading">
&para;
</a>
</h5>
<p>
Upon request, an individual shall be informed of the existence, use and disclosure of his or
her personal information and shall be given access to that information. An individual shall be
able to challenge the accuracy and completeness of the information and have it amended as
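Review bot: In the Principle 3 section, the "Note:" about collecting, using or disclosing information without knowledge and consent still sits in the same <p> as the principle itself. Since this hunk is already adding structure, give the note its own <p> so the text of the principle can be told apart from the commentary on it. At the top of the hunk, "in Canada2." becomes "in Canada."; if the "2" was a footnote reference, keep the source for that statement as a real footnote rather than deleting the marker.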
@@ -2119,6 +2211,7 @@ provide, information that contains references to other individuals, information
disclosed for legal, security, or commercial proprietary reasons, and information that is
subject to solicitor-client or litigation privilege.
</p>
</section>
<section id="principle-10-challenging-compliance">
<h5>
Principle 10. Challenging Compliance
@@ -2133,10 +2226,10 @@ compliance.
</p>
</section>
</section>
<section id="the-personal-information-protection-and-electronic-documents-act-pipeda">
<section id="pipeda">
<h4>
The Personal Information Protection and Electronic Documents Act (PIPEDA)
<a class="headerlink" href="#the-personal-information-protection-and-electronic-documents-act-pipeda" title="Link to this heading">
PIPEDA
<a class="headerlink" href="#pipeda" title="Link to this heading">
&para;
</a>
</h4>
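Review bot: Renaming the section id from "the-personal-information-protection-and-electronic-documents-act-pipeda" to "pipeda" breaks any existing link or cross-reference that targets the old anchor. Either keep the old id as an additional anchor or update every reference in the same commit. The heading also now shows only "PIPEDA"; keep the full name of the Act in the heading or confirm the acronym is expanded before this point, since a reader arriving at this anchor has no definition in view.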
@@ -2183,17 +2276,21 @@ person where the information is necessary for the creation, maintenance, and ter
the employment relationship. It is, however, the case that the employer will provide notice to
the employee so that they are knowledgeable with respect to the information that the
employer collects, uses, and discloses.
</p>
<p>
This notice should be provided to prospective employees as part of the recruitment process
and also as part of the on-boarding process. In addition, if there are changes to personal data
practices for employee information, employees should be informed about such changes in a
timely manner.
</p>
</div>
<p>
<strong>
<section id="consent">
<h5>
Consent
</strong>
</p>
<a class="headerlink" href="#consent" title="Link to this heading">
&para;
</a>
</h5>
<p>
According to PIPEDA, employers must obtain an employee&rsquo;s consent before they collect
personal information where that information is not required for the employment relationship.
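Review bot: The new <section id="consent"> uses a very generic id compared with its siblings ("principle-3-consent", "exceptions-to-consent-requirement"). Ids must be unique across the page, so confirm that no other "Consent" heading elsewhere in this document produces the same id, or use a scoped one such as "pipeda-consent". The same check applies to the href="#consent" on the headerlink.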
@@ -2235,11 +2332,14 @@ privacy legislation that applies to their employees and to have the necessary pr
place to comply with the legislation. If an employee chooses not to disclose the information
and is not required to do so by law, an employer cannot force an employee to divulge it.
</p>
<p>
<strong>
</section>
<section id="exceptions-to-consent-requirement">
<h5>
Exceptions to Consent Requirement
</strong>
</p>
<a class="headerlink" href="#exceptions-to-consent-requirement" title="Link to this heading">
&para;
</a>
</h5>
<p>
Subparagraph 7(3) of the Personal Information Protection and Electronic Documents Act
(Bill C6) allows an employer to disclose personal information without the knowledge or
@@ -2265,8 +2365,15 @@ individual; and
(b) the federal work, undertaking or business has informed the individual that the personal
information will be or may be collected, used or disclosed for those purposes&rdquo;.
</p>
<p>
</section>
<section id="use-and-storage-of-personal-information">
<h5>
Use and Storage of Personal Information
<a class="headerlink" href="#use-and-storage-of-personal-information" title="Link to this heading">
&para;
</a>
</h5>
<p>
According to PIPEDA, organizations can only use information for the purpose for which it
was collected. Employers must fully disclose in writing to the employee the reasons why
they require the information, as well as what will be done with it.
@@ -2284,8 +2391,15 @@ accommodate an employee for religious days and holidays, an employer needs to kn
the employee&rsquo;s religious beliefs. To seek out this type of information for any other reason
invades the individual&rsquo;s right to privacy.
</p>
<p>
</section>
<section id="limitations-on-use-the-social-insurance-number-example">
<h5>
Limitations on Use - the Social Insurance Number example
<a class="headerlink" href="#limitations-on-use-the-social-insurance-number-example" title="Link to this heading">
&para;
</a>
</h5>
<p>
The purpose of a social insurance number (SIN) is to identify an individual for specific
government programs. This information may not be collected, stored, used or disclosed for
any other purpose without the employee&rsquo;s consent. Where the SIN is to be used for purposes
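Review bot: The new heading "Limitations on Use - the Social Insurance Number example" mixes a spaced hyphen and lower-case words with the title case used by the other h5 headings added in this commit ("Use and Storage of Personal Information", "Exceptions to Consent Requirement"). Suggest "Limitations on Use: The Social Insurance Number Example", with the id and the headerlink href updated to match.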
@@ -2310,6 +2424,7 @@ agencies mentioned above, unless the employee provides written consent to do so.
</p>
</section>
</section>
</section>
<section id="pension-benefits-standards-act">
<h3>
Pension Benefits Standards Act