In a primarily rural society, such as 19th-century Canada, privacy was basically a territorial concept. Today, privacy tends to be defined not only territorially but as the right of individuals to determine when, how and to what extent information about themselves is to be communicated to others. When Canadians refer to "invasion of privacy," they may include electronic camera surveillance and unapproved computer record-linking of personal information. It is the marriage of data files and the computer that poses the greatest threat to privacy (see Computers and Society). Government intervention has primarily been directed at giving individuals access to personal information held by government. However, the same legislation also gives to third parties in certain situations the right of access to personal information about other people, and creates exemptions allowing individual access to some personal information.
Federal legislation regarding privacy includes the 1982 Privacy Act (which supplanted and reinforced provisions regarding privacy in the Canadian Human Rights Act of 1977) and the 1974 Protection of Privacy Act, which allows wiretaps under certain conditions.
In 1984 Québec proclaimed a privacy and access to information law and Ontario and Manitoba had similar legislation by 1988. BC in 1968, Manitoba in 1970, and Saskatchewan in 1974 have passed enabling legislation recognizing legal causes of action for invasion of privacy, but these laws have been described as "unused and unusable."
The Québec Charter of Rights (but not the Canadian Charter of Rights and Freedoms) also contains a right to privacy clause. In 1981 the joint committee on the Constitution defeated an amendment that would have provided for "freedom from unreasonable interference with privacy, family, home, and correspondence."
Personal privacy is protected under other federal and provincial statutes as well. For example, the federal Statistics Act prohibits disclosure of personal statistical information, and Ontario's fair credit-reporting legislation allows access to personal credit records and provides some rights to correct inaccurate information. Another level of privacy protection is provided by the courts, which hear cases argued on grounds such as trespass and theft, but there is no recognizable legal right to sue on the grounds of privacy invasion. The federal government recently passed proposals for amendments to the Criminal Code to protect individuals against the misappropriation and misuse of personal information stored on computers.
Canadians became aware of extensive violations of privacy through the controversy surrounding the use of Social Insurance Numbers (SIN) and the federal Commission of Inquiry Into Certain Activities of the RCMP (McDonald Commission). SIN was developed as an administrative registration number for social-security programs. The use of social insurance numbers, however, both in the public and private sectors, has now become a means of identifying individuals. SIN is used, for example, to register Prince Edward Island babies as well as some amateur hockey teams. This has raised concerns about the potential abuse of SIN as a means of linking together much personal information stored in files and computer banks. No direct parliamentary action has been taken to restrict SIN usage but individuals are no longer required to divulge their SIN to cash Canada Savings Bonds coupons.
The October 1986 alleged theft of some 16 million Canadian tax records containing SIN identifiers from the Toronto Revenue Canada office served to remind Canadians how vulnerable key information can be. The McDonald Commission learned that the RCMP had enjoyed unauthorized access to personal information about thousands of Canadians and had opened files on 800 000 Canadians. The Commission also learned of RCMP infringements on personal privacy through the use of wiretapping, break and entry, and mail openings. No Mounties were brought to trial on such charges. In 1984 the Canadian Security Intelligence Service Act gave security agents very broad powers of privacy invasion. Agents' actions are subject to limited scrutiny, primarily behind closed doors.
The vulnerability of Canadians to invasion of privacy was also made evident in 1983, when the public learned that Revenue Canada claimed many sweeping powers of access to personal information, and demanded unrestricted access to certain municipal financial data banks. That incident was followed in 1984 by 2 Supreme Court decisions (James Richardson & Sons Limited v The Minister of National Revenue, 1984, SCR 614; and Hunter Southam Inc, 1984, 14CCC [3d] 97 SCC) limiting the extent of the powers officials had under the Income Tax Act. As well, the Privacy Commissioner and privacy advocates have been calling attention to the growing use of computer matching of personal data to, among other matters, check for fraud, to locate debtors and to trace suspected criminals.
Governments and law enforcement officials are not the only violators of personal information. In the early 1980s the Ontario Commission of Inquiry into the Confidentiality of Health Information (Krever Commission) learned that certain insurance representatives were impersonating medical officers to obtain medical information about claimants.
The greatest threat to personal privacy lies in the growing reliance on information machines with their immense and quick capacity for record-linking and transmitting data. With the advent of electronic banking, shopping and mail, information about an individual's employment and financial and health status and personal habits can be easily recorded and traded.
Problems arise when the computers storing personal information can be surreptitiously entered by third parties and when the terminal containing the information is not located in Canada (for example, medical insurance information about many Canadians is stored in Boston). Unlike some European countries, Canada has no legislation to restrict and protect the access to and distribution of personal information on Canadians held in computers abroad.
A House of Commons Justice Committee report (31 March 1987) recommended reviewing and extending the 1982 Privacy Act to trans-border data situations, and to the federally regulated private sector. As well, the report made recommendations to audit and include matters such as electronic monitoring of the workplace, drug testing and polygraph testing in new privacy legislation should the Canadian government adopt a broader privacy protection package.
Canadians are increasingly aware of how delicate their personal control is over information about themselves. In a 1984 Gallup of 1071 adults, 68% said they did not believe there was any real privacy in Canada, because the government could learn anything it wanted to learn about any individual. There is a growing sensitivity to how we collect, report and use personal information and nothing highlights this better than the confidentiality treatment accorded diagnosed AIDS victims and individual carriers of the AIDS virus.