2nd Session, 60th General Assembly
57 Elizabeth II, 2008
First Reading: November 21, 2008 (LINK TO BILL AS INTRODUCED)
Second Reading: November 21, 2008
Third Reading: November 24, 2008
Royal Assent: November 25, 2008
Be it enacted by the Governor and Assembly as follows:
1 This Act may be cited as the Privacy Review Officer Act.
2 (1) In this Act,
(a) "privacy complaint" means a complaint about a privacy matter arising out of a privacy provision;
(b) "privacy provisions" means the privacy provisions in Sections 24 to 31 of the Freedom of Information and Protection of Privacy Act;
(c) "review provisions" means the review provisions in Sections 34 to 41 of the Freedom of Information and Protection of Privacy Act.
(2) Words and expressions in this Act have the same meaning as in the Freedom of Information and Protection of Privacy Act.
(3) A reference in this Act to the privacy provisions must be read in the context of the other provisions in the Freedom of Information and Protection of Privacy Act.
3 This Act applies to all records in the custody or under the control of a public body to which the Freedom of Information and Protection of Privacy Act applies and, for greater certainty, Section 4 of that Act applies mutatis mutandis to this Act.
4 (1) The Governor in Council shall appoint a person to serve as the Privacy Review Officer.
(2) The Governor in Council may appoint the Review Officer appointed under the Freedom of Information and Protection of Privacy Act or another officer appointed under legislation as the Privacy Review Officer under this Act.
(3) Subsections 33(2) to (7) of the Freedom of Information and Protection of Privacy Act apply mutatis mutandis to the Privacy Review Officer.
5 (1) In addition to the Privacy Review Officer's duties and powers referred to in Section 6 with respect to reviews, the Privacy Review Officer may
(a) monitor how the privacy provisions are administered and conduct reviews of privacy complaints arising from the privacy provisions;
(b) initiate an investigation of privacy compliance if there are reasonable grounds to believe that a person has contravened or is about to contravene the privacy provisions and the subject-matter of the review relates to the contravention;
(c) make recommendations on and mediate privacy complaints;
(d) undertake research matters concerning privacy legislation;
(e) inform the public about this Act;
(f) on the request of a public body, provide advice and comments on privacy.
(2) The Privacy Review Officer may only exercise the powers under clauses (1)(a) and (c) after the person who has made the complaint has completed the use of the internal privacy-complaint procedure of the public body to which the complaint was made.
6 (1) A person who believes that his or her own personal information has been collected, used or disclosed in contravention of the privacy provisions may ask the Privacy Review Officer to review that matter.
(2) Sections 34 to 41 of the Freedom of Information and Protection of Privacy Act, and related provisions in that Act, apply mutatis mutandis to a review.
(3) For greater certainty, "related provisions" in subsection (2) includes related regulations made under the Freedom of Information and Protection of Privacy Act.
7 (1) The Governor in Council may make regulations
(a) defining any word or expression used but not defined in this Act;
(b) further defining any word or expression defined in this Act;
(c) respecting any matter or thing the Governor in Council considers necessary or advisable to carry out effectively the intent and purpose of this Act.
(2) The exercise by the Governor in Council of the authority contained in subsection (1) is regulations within the meaning of the Regulations Act.
(3) A regulation may apply to all persons or bodies or to a class of persons or bodies to whom this Act applies and there may be different regulations for different classes of such persons or bodies.
8 This Act comes into force on and not before such day as the Governor in Council orders and declares by proclamation.