What kind of disclosure is protected?
The Act s. 27(1) protects any person who, while acting in good faith and on the basis of reasonable belief, has disclosed information about an organization having contravened to the Act, with respect to provisions regarding personal information protections [Division 1] or breaches of security safeguards [Division 1.1].
Who is eligible for protection?
This Act protects any person who acts in good faith and on the basis of reasonable belief when disclosing information to the Privacy Commissioner s. 27(1).
In the event of a reprisal, the Act protects employees, including independent contractors, who have made a protected disclosure under the Act s. 27.1 (3).
How are whistleblowers protected?
Under the Act, the Privacy Commissioner must keep the identity of the person disclosing the information confidential. The Privacy Commissioner must also provide an assurance of confidentiality s.27(2).
The Act prohibits any kind of reprisal against an employee who has made a protected disclosure under the Act s. 27.1(1) or who refuses, or demonstrates their intention to refuse any actions in violation of the Act s.27.1(1). Specifically, an employer shall not dismiss, suspend, demote, discipline, harass or otherwise disadvantage an employee, or deny an employee a benefit of employment s. 27.1(1).
Any person who knowingly takes any kind of reprisal against an employee who has disclosed information to the Privacy Commissioner is guilty of either s. 28:
- an offence punishable on summary conviction and liable to a fine of no more than $ 10 000; or
- an indictable offence and liable to a fine of no more than $100 000.
How should disclosures be made?
Protected disclosure should be made to the Office of the Privacy Commissioner of Canada through the PIPEDA breach report form either by email at firstname.lastname@example.org or by mail or in person at:
PIPEDA Breach Response Officer
Office of the Privacy Commissioner of Canada
30 Victoria Street, 1st Floor Gatineau, QC K1A 1H3
Individuals can also call the Office’s breach response officers at 819-994-5444 or toll-free at 1-800-282-1376 (TTY: (819) 994-6591).