David T.S. Fraser has a great blog covering information privacy in Canada, The Canadian Privacy Law Blog. He just posted the proposed Bill 16, the Personal Information International Disclosure Protection Act, that was introduced in the Nova Scotia legislature last week.
Just one of the interesting passages within:
"5(1) A public body shall ensure that personal information in its custody or under its control is stored only in Canada and accessed only in Canada, unless
(a) where the individual the information is about has identified the information and has consented, in the manner prescribed by the regulations to it being stored in or accessed from, as the case may be, outside Canada;
(b) where it is stored in or accessed from outside Canada for the purpose of disclosure allowed under this Act; or
(c) the head of the public body has allowed storage or access outside Canada pursuant to subsection (2).(2) The head of a public body may allow storage or acess outside Canada of personal information in its custody or under its control, subject to any restrictions or conditions the head considers advisable, if the head considers the storage or access is to meet the necessary requirements of the public body’s operation."
The proposed bill is 11 pages long, and there is much, much more. However, this gives you a good indication and good flavor for how this *proposed* bill is incorporating more and more of the OECD privacy principles and aligning even more more with the types of requirements such as those found within the EU Data Protection Directive than their existing laws, such as Canada’s PIPEDA.
In the past few years it seems most U.S. organizations, with regard to international data protection activities, have been primarily concerned with data protection issues within their EU offices and for their EU customers. This proposed Canadian bill is likely to be a bellwether for more and similar bills within other countries. A good reason for organizations everywhere to start thinking more globally and in a more unified manner with regard to handling the personal information they collect.
Technorati Tags
Bill 16
compliance
EU Data Protection Directive
data protection
government
personal information protection
international law
privacy