Publicly Available Information

March 2014

One of the Commissioner’s primary roles is to investigate and try to resolve privacy complaints against organizations. While findings on a given issue may differ depending on the facts of each case and the position of the parties. Over time, findings on certain key issues have begun to crystallize into general principles that can serve as helpful guidance for organizations.

In an effort to summarize the general principles that have emerged from court decisions and the Commissioner’s findings to date, the OPC issues Interpretations of certain key concepts in PIPEDA. These Interpretations are not binding legal interpretations, but rather, are intended as a guide for compliance with PIPEDA. As the Commissioner issues more findings, and the courts render more decisions, these Interpretations may evolve and be further refined.

I. Relevant Statutory Provisions

Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (“PIPEDA”)

Principle 4.3 of PIPEDA states that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.

Section 7(1)(d) of PIPEDA states that for the purpose of clause 4.3 of Schedule 1, an organization may collect personal information without the knowledge or consent of the individual if the personal information is publicly available and is specified by the regulations.

Section 7(2)(c.1) of PIPEDA states that for the purpose of clause 4.3 of Schedule 1, an organization may use personal information without the knowledge or consent of the individual if the personal information is publicly available and is specified by the regulations.

Section 7(3)(h.1) of PIPEDA states that for the purpose of clause 4.3 of Schedule 1, an organization may disclose personal information without the knowledge or consent of the individual if the personal information is publicly available and is specified by the regulations.

Regulations Specifying Publicly Available Information, SOR/2001-7 (13 December, 2000) (“Regulations”)

Section 1 of the Regulations state that the following information and classes of information are specified for the purposes of paragraphs 7(1)(d), (2)(c.1) and (3)(h.1) of the Personal Information Protection and Electronic Documents Act:

  1. personal information consisting of the name, address and telephone number of a subscriber that appears in a telephone directory that is available to the public, where the subscriber can refuse to have the personal information appear in the directory;
  2. personal information including the name, title, address and telephone number of an individual that appears in a professional or business directory, listing or notice, that is available to the public, where the collection, use and disclosure of the personal information relates directly to the purpose for which the information appears in the directory, listing or notice;
  3. personal information that appears in a registry collected under a statutory authority and to which a right of public access is authorized by law, where the collection, use and disclosure of the personal information relates directly to the purpose for which the information appears in the registry;
  4. personal information that appears in a record or document of a judicial or quasi-judicial body, that is available to the public, where the collection, use and disclosure of the personal information relate directly to the purpose for which the information appears in the record or document; and
  5. personal information that appears in a publication, including a magazine, book or newspaper, in printed or electronic form, that is available to the public, where the individual has provided the information.

II. General Interpretations by the Courts

  1. “It goes without saying that by appearing in public, an individual does not automatically forfeit his or her interest in retaining control over the personal information which is thereby exposed” (Alberta (Information and Privacy Commissioner) v United Food and Commercial Workers, Local 401, 2013 SCC 62 at para. 27).
  2. Personal information must be both publicly available and specified by the Regulation to exempt an organization from the requirement to obtain consent (Turner v. Telus Communications Inc. 2005 FC 1601).
  3. Even if voice characteristics or “voiceprints” collected by voice recognition technology could be said to be publicly available, this form of personal information is not specified by the Regulation. Therefore, the Regulation does not exempt an organization from the requirement to obtain consent to collect such information. (Turner v. Telus Communications Inc. 2005 FC 1601).
  4. For the Regulation to apply, personal information must be collected from a publicly available source (Citi Cards Canada Inc. V. Pleasance 2010 ONSC 124; See also Citi Cards Canada Inc. v. Pleasance, 2011 ONCA 3).
  5. The current balance of a mortgage is not publicly available (City Cards Canada Inc. V. Pleasance 2010 ONSC 124; See also Citi Cards Canada Inc. v. Pleasance, 2011 ONCA 3).
  6. The exception to the requirement to obtain consent recognized in section 7 of the Act and paragraph 1(a) of the Regulations does not apply to the very organization that initially collects the information for the purposes of publishing a telephone directory that will, once published, become publicly available (Englander v. TELUS Communications Inc., 2004 FCA 387).
  7. The fact that the use of personal information contained in publicly available telephone directories can be so widespread because of these Regulations militates in favour of the Court exercising additional caution when determining issues pertaining to initial listings in telephone directories (Englander v. TELUS Communications Inc., 2004 FCA 387).

III. Application by the OPC in Different Contexts

Whether information can be said to be “publicly available” for the purposes of PIPEDA will vary depending on the facts of each complaint investigation. The following examples illustrate how the provisions setting out each type of publicly available information specified by the Regulations have been interpreted and applied by the OPC.

1(a) Telephone directories

1(b) Professional and business directories

1(c) Public registries

1(d) Court and tribunal records

1(e) Books, magazines, newspapers

Date modified: