On September 13 Manitoba's new Personal Information Protection and Identity Theft
Prevention Act SM2013, C.17 received royal assent. It still has
to be proclaimed in force. When that happens, Manitoba will join British Columbia , Alberta , and Quebec with provincial private sector
legislation protecting personal information. The legislation
applies to "every organization and in respect of all personal
information". Organizations include corporations,
unincorporated associations, unions, partnerships and individuals
when they are acting in a commercial capacity. The legislation does
not apply to public bodies or to personal information under the
control of a public body. Public bodies are generally covered by
the Freedom
of Information and Protection of Privacy Act . In addition,
Manitoba also has a Privacy Act C.C.S.M. c. P125 which creates a cause
of action for breach of privacy.
The legislation will fall under the umbrella of the Manitoba
Ombudsman who is currently responsible for the FIPPA
legislation. There does not, however, appear to be a complaint
mechanism and the Ombudsman does not have order-making powers. The
legislation does, however, create offences for willfully
collecting, using or disclosing personal information in
contravention of the legislation or for willfully attempting to
gain or gaining access to personal information in contravention of
the legislation. It is also an offence to dispose or alter,
falsify, conceal or destroy personal information or any record
relating to personal information, or direct another person to do
so, with an intent to evade a request for access to the information
or the record. These offences are subject to a summary conviction
and fines of up to $10,000 for an individual and $100,000 for a
person other than an individual. There is a defence of due
diligence – "Neither an organization nor an individual
is guilty of an offence under this Act if it is established to the
satisfaction of the court that the organization or individual, as
the case may be, acted reasonably in the circumstances that gave
rise to the offence." (s. 41)
Otherwise, the legislation relies on the basic principle that
personal information may only be collected, used and disclosed with
the informed consent of the individual involved and, in many ways,
mirrors the legislation in the other two western provinces. We will
post another comment when the legislation comes into force.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.