Archived — Principle 4: Online Privacy

Archived information is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Canadian Code of Practice for Consumer Protection in Electronic Commerce

4.1 Vendors shall adhere to the principles set out in Appendix 3 with respect to the personal information they collect from consumers as a result of electronic commerce activities.

4.2 Vendors shall make their privacy policy easily accessible from the home page of their Web site or at a reasonably early stage of consumers' navigation, and whenever personal information is either requested or collected. Information that must be disclosed as part of the privacy policy includes the following:

a) the specific kinds and sources of information being collected and maintained online, the purposes for which the information is collected, how that information is being used, and to whom the information may be disclosed;

b) the choices available to consumers regarding the collection, use and disclosure of their personal information, how they may exercise and change these choices, and the implications of such choices;

c) how consumers may review and, when necessary, correct or remove such information; and

d) when the Web site uses "cookies," how and why they are used and the consequences, if any, of consumers' refusal to accept a cookie.

4.3 Vendors shall limit their collection, use and disclosure of personal information to that which a reasonable person would consider appropriate in the circumstances.

4.4 Vendors shall not disclose personal health information to affiliates or third parties for purposes other than the transactions unless specifically and expressly authorized by consumers in advance, through a clearly worded opt-in process. When seeking consumers' express consent to disclose the information, vendors shall list the information to be disclosed, all uses to which it may be put and all parties to whom it may be disclosed.

4.5 Vendors shall not, as a condition of sale, require consumers to consent to the collection, use or disclosure of personal information beyond that necessary to complete the sale.

4.6 When consumer consent to the collection, use and disclosure of personal information is required, and cannot reasonably be implied, such consent shall be:

a) provided separately from consent to other terms and conditions of the contract; and

b) provided through a clearly worded, online opt-in or opt-out process. Opt-out processes must be highly visible and easy to execute.

4.7 When vendors transfer personal information to third parties, vendors shall remain responsible for the protection of that information. Accordingly, before any such transfer, vendors shall ensure, through contractual or other means, that the third parties comply with the privacy provisions of this Code.

Previous page | Table of contents | Next page