APEGA, PIPA and PIPEDA
As of January 1, 2004, new rules will apply to all organizations that collect, use and disclose personal information about individuals. The purpose of this paper is to provide a sketch outline of APEGA responsibilities that will apply in the future under PIPA – the Personal Information Protection Act of Alberta, and PIPEDA - the Personal Information Protection and Electronic Documents Act, and Act of the Government of Canada..
PIPA was introduced by way of Bill 44 in the Alberta legislature and was given first reading in the spring sitting. The Alberta government had the Bill approved in its fall 2003 sitting. It is quite clear that insofar as APEGA’s status as a “Professional Regulatory Organization” its regulatory activities in Alberta will be subject to PIPA rules.
Regular updates on privacy legislation in Alberta can be obtained from:.
Activities Beyond Alberta and Regulatory Mandate
APEGA’s activities include a number of things well beyond a strictly regulatory mandate. There are also regulatory activities that go beyond the borders of Alberta, such as examinations for other associations and inter-association transfer application information. APEGA members may participate in member benefits that have been negotiated by the Engineers Canada. These are considered to be commercial activities. The federal legislation that has a bearing on these APEGA activities is the Personal Information Protection and Electronic Documents Act (PIPEDA). This Act was passed in 2000 and initially applied only to the federally regulated private sector. However, on January 1, 2004, it will also apply to commercial activities undertaken in the provincially regulated private sector, unless provinces pass legislation that the federal government deems "substantially similar" to the federal Act. The federal privacy commissioners office views the regulatory licensing activities under a provincial statute as falling under this umbrella in the absence of applicable provincial legislation.
Canadian provinces have an option to either pass equivalent legislation that covers professional licensing or become subject to PIPEDA. Since many provinces have no intention of working on their own privacy legislation, it follows that many of the associations within Canada will be subject to PIPEDA effective January 1, 2004. Therefore we can expect that exchanges of information with sister associations and with the Engineers Canada will be subject to PIPEDA.
A recent conference held by the Alberta government for professional associations was assured that the new acting federal privacy commissioner has ruled that the draft Alberta legislation is “substantially equivalent” to the federal Act. This conference also suggested that professional regulatory organizations may wish to develop their own “Personal Information Code”. APEGA has developed a summary version of this policy as its code. Note that this Code is useful in communicating our commitment to privacy principles to members, but final determination of compliance is subject to PIPEDA and/or PIPA depending on the specific circumstance involved.
APEGA Personal Information Code
APEGA respects the privacy of its members and is committed to protecting their personal information. In this privacy statement “personal information” means information that reveals a distinctive trait about you, helps to identify you and is not available in the public domain. It does not include business contact information, or the information provided to issue and maintain professional status or any other class or category of registration under the Engineering, Geological and Geophysical Professions Act. This Act is our legislated mandate under provincial statute, and any activity under that Act is subject to the obligations set out in the EGGP Act and in the Personal Information Protection Act of Alberta.
APEGA adheres to the privacy standards of the Canadian Standards Association regarding collection, use, disclosure and retention of personal information. Compliance with these principles is verified regularly and revised as needed. Your contact information is collected, maintained and disclosed to approved providers of member services with your consent in keeping with these principles. The principles in summary are:
APEGA is responsible for personal information under its control and has designated its Registrar as the individual for APEGA’s compliance with the following principles.
2. Identifying Purpose
The purpose for which personal information is collected shall be identified by APEGA at or before the time the information is collected.
The knowledge and consent of an individual is required for the collection, use, or disclosure of personal information, except where inappropriate. In its investigation of member conduct or the investigation of an applicant’s suitability for registration, specific information may be kept confidential from the member or applicant in order to protect the integrity of the investigation process.
4. Limiting Collection
The collection of personal information will be limited to that which is necessary for the purposes identified by APEGA. The information will be collected by a fair and lawful means.
5. Limiting Use, Disclosure and Retention
Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
Personal information will be as accurate, complete, and up-to-date as is necessary for the purpose for which it is to be used.
Personal information will be protected by security safeguards appropriate to the sensitivity of the information.
APEGA will make readily available to individuals specific information about its policies and practices relating to the management of personal information.
9. Individual Access
Upon request, an individual will be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
10. Challenging Compliance
An individual is able to address a challenge concerning compliance with the
above principles to the Registrar.
What information does APEGA collect and how do we collect it?
Every computer connected to the Internet is given a domain name and a set of numbers that serve as that computer's "Internet Protocol" (IP address). When a visitor requests a page from any website within the APEGA network, our web servers automatically recognize that visitor's domain name and IP address. The domain name and IP address reveal nothing personal about you other than the IP address from which you have accessed our site. We use this information to examine our traffic in aggregate, and to investigate misuse of our network or to cooperate with law enforcement. We do not collect and evaluate this information for specific individuals. Our web servers do not automatically record e-mail addresses of the visitors.
What are cookies?
How does APEGA protect my privacy?
When you are on an APEGA website and are asked for personal information, you are sharing that information with APEGA alone. APEGA will not disclose any of your personally identifiable information except under special circumstances, such as when we believe in good faith that the law requires such a disclosure. APEGA does not share personal information you provide to us with other companies.
What other information do we request?
We may also request your e-mail address or mailing address for the purposes of conducting a survey or to provide additional services (for example, event registration confirmation, subscriptions to e-mail newsletters, announcement lists or information about conferences and trade shows). Whenever we request the identity of a visitor, we will clearly indicate the purpose of the inquiry before the information is requested. We maintain a strict "No-Spam" policy that means that we do not sell,
Will APEGA disclose the information collected to outside third parties?
APEGA will disclose personal information and/or an IP address, when required by law or in the good-faith belief that such action is necessary to: 1) Co-operate with the investigations of purported unlawful activities and conform to the edicts of the law or comply with legal process served on APEGA, 2) Protect and defend the rights or property of the APEGA network of sites and related properties, or visitors to the APEGA network of sites and related properties, and/or 3) Identify persons who may be violating the law, or otherwise misusing the APEGA network or its related properties.
What else should I know about my privacy when online?
The APEGA web site contains many hyperlinks to third party websites. APEGA is not responsible for the privacy practices or the content of such third party websites or portals. APEGA does not share any of the individual personal information you provide us with the third parties to which APEGA links. Please keep in mind that whenever you voluntarily disclose personal information online - for example through e-mail, discussion lists, or elsewhere - that information can be collected and used by others. In short, if you post personal information online that is accessible to the public, you may receive unsolicited messages from other parties in return. Ultimately, you are solely responsible for maintaining the secrecy of your personal information. Please be careful and responsible whenever you're online.
Your Consent to This Agreement