Federal (Canada) Privacy Decisions

A former client complained that her lawyer refused to grant her access to her personal information, citing an outstanding account and a solicitor's lien. The OPC found that a solicitor's lien is not a valid reason to deny access under PIPEDA. The lawyer eventually provided the client with her full file, and the matter was settled.

• Can a solicitor's lien be used to deny a client access to their personal information?
• What are the grounds for refusing access to personal information under PIPEDA?

This investigation concerned SWIFT's disclosure of personal information originating from Canadian financial institutions to the US Department of the Treasury in response to administrative subpoenas. The OPC found that PIPEDA applied to SWIFT's commercial activities in Canada. However, the Commissioner concluded that SWIFT's disclosure of information to comply with valid US subpoenas was permissible under PIPEDA, interpreting subsection 7(3)(c) to allow compliance with lawful orders from foreign jurisdictions where the organization operates. The Commissioner recommended that US authorities use existing information-sharing mechanisms rather than subpoenas to obtain Canadian financial data.

• Does PIPEDA apply to SWIFT's collection, use, and disclosure of personal information in its Canadian operations?
• Was personal information disclosed to US authorities in accordance with PIPEDA?
• Interpretation of subsection 7(3)(c) regarding compliance with foreign subpoenas.
• Balancing privacy protection with counter-terrorism financing efforts.

This investigation concerned allegations that SWIFT inappropriately disclosed personal information from Canadian financial institutions to the US Department of the Treasury (UST) via administrative subpoenas. The Privacy Commissioner of Canada determined that SWIFT was subject to PIPEDA due to its operations in Canada and its commercial activities involving Canadian banks. While SWIFT disclosed data held in the US to the UST in response to a subpoena, the Commissioner found this disclosure was permissible under the Act's exceptions to consent.

• Whether SWIFT is subject to PIPEDA
• Whether SWIFT inappropriately disclosed personal information to the UST
• Applicability of PIPEDA exceptions to disclosure in response to a subpoena

An individual complained that a department store's method for collecting provincial tax exemption information exposed customers' personal data to other customers. The store used a petition-style form where multiple customers' information was visible. Following the complaint, the store revised its process by implementing a new form and reconfiguring cash registers to generate individual receipts that were then secured. The complainant was satisfied with the changes, and the matter was settled.

• Visibility of personal information to other customers
• Safeguarding of personal information during collection
• Adequacy of corrective measures to protect privacy