- Sep 21, 2015
- 9,915
- Category........
- FSW
- Visa Office......
- Ottawa
- NOC Code......
- 4112
- App. Filed.......
- 03-09-2015
- Doc's Request.
- 01-10-2015
- AOR Received.
- 03-09-2015
- Med's Done....
- 17-08-2015
- Passport Req..
- 05-04-2016
- VISA ISSUED...
- 12-04-2016
- LANDED..........
- 05-05-2016
@legalfalcon
My AOR is Sep 12 2020, my medical passed on Oct 27 2020 and BIL on same day that I gave in Riyadh VAC on Nov 30 2020 along with my wife. Nothing has moved on my application since then and I see the same message that "20% of applications are.......etc etc";
I am an outland PNP applicant and planning to order GCMS notes through 3rd party providers but have some apprehension on data privacy and retention. How reliable and dependent are the 3rd party notes providers and how to judge their credibility as the notes are coming from IRCC but passing their channel to the end applicant. Kindly advise in your expert opinion on how a GCMS applicant is sure of the quality and authenticity of the received notes. Will the 3rd party provider keep copy or can access the details of the notes, which are on file received from IRCC. The information is sensitive and leaks can put the applicant in an unnecessarily uncomfortable spot.
Appreciate your time and clarification!!!
You have to understand the mechanism under which the data privacy works and how it is enforced rather than just being bombarded with big words and fear mongering.
Any private Business in Canada that collects any personal information as a part of the business has to be in compliance with the Federal Personal Information Protection and Electronic Documents Act (PIPEDA). Apart from this, if a business is being carried on in Alberta, British Columbia and Quebec, these Provinces have their own Privacy Legislation which the business has to comply with along with he federal PIPEDA.
Any business in Canada has to be registered under either the the Canada Business Corporations Act, or if it is a sole proprietorship / partnership or a Provincial registered business, then they have to be registered under the respective Provincial business act.
Only if an entity is in Canada, can you enforce the Privacy Legislations on them, and they themselves have an obligation of self reporting and audits. In a fancy way its looks cool by saying that even when an entity is not in Canada the PIPEDA applies, the question is how do you enforce it. If a law cannot be enforced, it is to even worth it.
Next you need to understand what is protected. Although the PIPEDA lists all this in details, in a nutshell this is what is covered:
What is personal information?
Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:
- age, name, ID numbers, income, ethnic origin, or blood type;
- opinions, evaluations, comments, social status, or disciplinary actions; and
- employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).
There are some instances where PIPEDA does not apply. Some examples include:
- Personal information handled by federal government organizations listed under the Privacy Act
- Provincial or territorial governments and their agents
- Business contact information such as an employee’s name, title, business address, telephone number or email addresses that is collected, used or disclosed solely for the purpose of communicating with that person in relation to their employment or profession
- An individual's collection, use or disclosure of personal information strictly for personal purposes (e.g. personal greeting card list)
- An organization's collection, use or disclosure of personal information solely for journalistic, artistic or literary purposes
- not-for-profit and charity groups; or
- political parties and associations.
Your responsibilities under PIPEDA
Businesses must follow the 10 fair information principles to protect personal information, which are set out in Schedule 1 of PIPEDA.
By following these principles, you will contribute to building trust in your business and in the digital economy.
The principles are:
- Accountability
- Identifying Purposes
- Consent
- Limiting Collection
- Limiting Use, Disclosure, and Retention
- Accuracy
- Safeguards
- Openness
- Individual Access
- Challenging Compliance
No law will provide a list of technology that should be implemented. It is incumbent on the organisation to make their own judgment on how best to comply with the laws and regulations, and in cases of breaches, report them to the Privacy Commissioner.
What you can do is as follows:
1. Look at the basics, is the website operating and registered in Canada. Usehttps://www.whois.com to find if the website is registered in Canada and operating form Canada.
2. Ask the website provider about their incorporation details and business registration, which are public information and can be found at:
https://www.ic.gc.ca/app/scr/cc/CorporationsCanada/fdrlCrpSrch.html
IF the company is registered provincially, it you can find it on the Province's registration page. There are open source.
If the company is not registered provincially or federally, which could be due to the fact that it is a sole proprietor ship or partnership, then they have to register the business name. Eg. for Ontario it is under the Business Names Act and not doing so is an offence for which a fine can be imposed.
3. Look at the website and se their compliance with PIPEDA and their status in Canada.
4. When in doubt ask the questions and verify the information.
Finally, even government websites are hacked. Recently Canada Revenue Agency had to temporarily suspend 800,000 accounts due to fears of hacking, and this is not the first time. https://www.ctvnews.ca/politics/cra-cyberattacks-impacted-four-times-as-many-accounts-as-previously-believed-1.5109368
Be vigilant, read the law and ask questions.