Canada’s federal political parties are being encouraged to play it straight with the personal information of voters they hold.

The advice came Monday from federal privacy commissioner Daniel Therrien and chief electoral officer  Stéphane Perrault ahead of October’s national election.

Their guidance is summarized in four points:

  • Be transparent by clearly explaining what personal information will be used for, whether it will be shared with others and for what purpose;
  • Obtain meaningful consent for the collection, use and disclosure of personal information and only use the information for purposes individuals have consented to. For example, parties should not assume consent to add personal information collected through social media to party databases simply when people interact with a party by liking a post on social media;
  • Provide individuals with access to their information and the opportunity to correct it;
  • Keep personal information only as long as necessary to satisfy the purposes for which it was collected, and then destroy the information securely. For example, information collected for a specific petition or cause should not be reused for general political messaging.

The officials are issuing the guidance because the Trudeau government has decided against forcing federal parties to follow a privacy law. Instead, under recent changes to the Canada Elections Act — which came into effect Monday — federal political parties have to declare specific privacy policies they will follow. Those policies have to be approved by Elections Canada by July 1.

The public should note that the federal privacy commissioner has no oversight role for possible violations of the Canada Elections Act.

British Columbia is the only jurisdiction that regulates the privacy practices of political parties.

The guidance includes a list of obligations imposed on federal parties under the new elections law and some questions party officials might ask themselves to see if they meet those duties.

The obligations include

(i) a statement indicating the types of personal information that the party collects and how it collects that information;

(ii) a statement indicating how the party protects personal information under its control;

(iii) a statement indicating how the party uses personal information under its control and under what circumstances that personal information may be sold to any person or entity;

(iv) a statement indicating the training concerning the collection and use of personal information to be given to any employee of the party who could have access to personal information under the party’s control;

(v) a statement indicating the party’s practices concerning the collection and use of personal information created from online activity, and its use of cookies.

(vi) the name and contact information of a person to whom concerns regarding the party’s policy for the protection of personal information can be addressed.

As an extra aid the guidance includes a list of best practices for protecting information.

“Information about our political views is extremely sensitive and worthy of strong privacy protections,” Privacy Commissioner Daniel Therrien said in a statement. “We know that political parties collect vast amounts of data about voters. Canadians expect and deserve to have their privacy rights respected as they exercise their democratic rights.”

Political parties that receive electors’ information from Elections Canada have a responsibility to adopt robust privacy policies to protect it, added chief electoral officer Stéphane Perrault. “Canadians’ confidence in how political parties treat their personal information is essential to continued trust in electoral democracy.”



Related Download
Cybersecurity Conversations with your Board Sponsor: CanadianCIO
Cybersecurity Conversations with your Board – A Survival Guide
A SURVIVAL GUIDE BY CLAUDIO SILVESTRI, VICE-PRESIDENT AND CIO, NAV CANADA
Download Now