The coverage of employees under PIPEDA, the new Canadian law, is rather
complicated.

The General Trade and Commerce Powers of the Canadian federal government do
not extend to regulating matters relating to employees except those in
"federal works, undertakings and businesses" (e.g., those designated in Part
I of PIPEDA, which include shipping and navigation companies, railroads,
telephone companies, many banks, airlines, etc.) or in organizations that
exchange personal information as a commercial activity.

Only the provinces have jurisdiction to regulate matters relating to
employees working in the non-federally-regulated sector. If a province
chooses to enact legislation extending the protections provided by PIPEDA to
such employees, they will be covered. If a province does nothing, they will
remain in limbo, or a black hole, with respect to privacy protection,
notwithstanding the coverage of consumers and other data subjects that would
occur by the default application of PIPEDA to them on January 1, 2004.

This scenario may never occur, as all the provinces will face increasing
pressure from the PIPEDA bandwagon, which is already changing the behavior
of companies not directly covered by it that recognize the handwriting on
the wall. However, should a particular province decide to do nothing, then
employees in the non-federally-regulated sector in that province would not
be subject to PIPEDA (or equivalent provincial legislation), and transfers
of employee data from the EU to non-federally-regulated subsidiaries in that
province could not be justified on the basis of adequacy.

Don

* * * * * * * * * * * * * * * * * * *
Dr. Donald F. Harris
President, HR Privacy Solutions, Ltd.
1202 Lexington Avenue, Suite 318
New York, NY 10028
Phone/Fax: (212)396-1184
E-mail: [log in to unmask]
Website: www.hrprivacy.com
* * * * * * * * * * * * * * * * * * *



-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]]On Behalf Of Maccoll, Fiona
(RTHQ)
Sent: Friday, January 11, 2002 10:13 AM
To: [log in to unmask]
Subject: Adequacy - Canada & Australia


Thanks for highlighting this decision, Stuart.

I visited the EC site
http://europa.eu.int/comm/internal_market/en/dataprot/adequacy/overview.htm
the other day but there was nothing on there about Canada.

Has anyone got any idea whether this decision on the adequacy of recipients
subject to the Canadian Act means that from Jan 2004 an EU company can send
employee information to a subsidiary in Canada, even though this data is not
protected under Canadian legislation?

While on the subject of adequacy, I am trying to locate a copy of the
opinion the Commission re adequacy (or rather inadequacy) of the new
Australian privacy law. The Australian Attorney-General issued a press
release in March 2001 noting 'The Article 29 Data Protection Working Party
of the European Commission today released its opinion that more work needs
to be done before Australia's new private sector privacy legislation will
meet its adequacy test'. However, I cannot find a copy of the opinion on the
'europa.eu' web site. Any assistance would be most welcome.

Fiona Maccoll
Records Manager

Rio Tinto plc
Telephone 020 7753 2123 Fax 020 7753 2211
Registered Office 6 St James's Square, London, SW1Y 4LD. Registered In
England No. 719885

This email is confidential and may also be privileged. If you are not the
intended recipient, please notify us immediately and delete this message
from your system without first printing or copying it.





-----Original Message-----
From: Peter McGrath [mailto:[log in to unmask]]
Sent: 11 January 2002 10:48
To: [log in to unmask]
Subject: FW: Canada joins approved list


-----Original Message-----
From: Peter McGrath [mailto:[log in to unmask]]
Sent: 11 January 2002 10:21
To: 'Cashmore, Stuart'; [log in to unmask]
Subject: RE: Canada joins approved list

Canada Safe?

Not quite, said the legal beagle.
Article 1 reads "... to recipients subject to the Personal Information
Protection and Electronic Documents Act". - have a look at recitals 5 and 6
to the directive:

1. The Act don't apply everywhere and to everyone until 1.1.04

2. The extension this month was to personal health information in respect of
those activites covered in the first stage.

I will try to get something on the "Safe Harbor" info pages at
www.rhs-law.co.uk/dpa - I know its not the harbor, but you get the idea.....

Peter McGrath
Read Hind Stewart

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^