All private businesses across Canada, including residential landlords and real estate brokerages, will be impacted by the latest changes to the Personal Information Protection and Electronic Documents Act (PIPEDA) beginning Nov. 1. PIPEDA is Canada’s federal private sector privacy law that sets out the ground rules for how businesses, including landlords, must handle personal information in the course of their commercial activity. PIPEDA was significantly amended when the The Digital Privacy Act received Royal Assent in June 2015.  

Under PIPEDA, landlords must:

  • Obtain a tenant’s consent to collect, use or disclose a person’s personal information.
  • Identify the reasons for collecting the personal information before collection and only ask for the limited information needed for what a reasonable person would consider appropriate to the circumstances.
  • Provide an individual with access to the personal information the holder has about the individual and allow them to challenge its accuracy.
  • Only use a tenant’s personal information for the purposes for which it was collected.

The time limit for PIPEDA court applications changed from 45 days to one year.

As of Nov. 1, PIPEDA will include a mandatory requirement for organizations to give written notice to affected individuals and to the commissioner about privacy breaches and to maintain records for 24 months about each breach.

All businesses (and landlords of every size) must ensure that personal information is protected by appropriate safeguards including physical measures (locked filing cabinets, restricting access to offices, alarm systems), technological tools (passwords, encryption, firewalls) and organizational controls (security clearances, limiting access to a “need-to-know” basis, staff training, agreements).

You say you knew all this already? What about the case where a landlord and tenant had a verbal tenancy agreement (permitted under the RTA) to allow the tenant to grow up to four cannabis plants but the landlord discovered 60 plants? Here’s the answer.

The full implications of PIPEDA to Canadian businesses would require possibly a small book to analyze the obligations for every type of small business. My personal focus is on residential “landlording”, which includes Realtors who assist residential property investors, so here’s a 20 Question Landlord-Tenant Privacy test:

  1. Do you need a tenant’s SIN number for most things?
  2. Do you need permission to capture a tenant’s face on a surveillance camera?
  3. Do you need written permission to do a credit check?
  4. What minimum information is needed to do a credit check?
  5. Is it against the law to demand a tenant’s SIN number?
  6. Can you deny a tenancy applicant because they didn’t give you their SIN number?
  7. Can you use the SIN as a general tenant identifier, for example in your accounting system?
  8. Can a landlord ask for a driver’s licence, tax information, pay stubs?
  9. Can you look into a tenant’s background by looking at social media postings or calling another landlord?
  10. Can you put a tenant’s name on a “bad tenant” list?
  11. Can you verbally disclose bad tenant behaviour to other landlords, for example a phone reference?
  12. Can you take pictures of a tenant’s apartment and contents if you suspect a tenancy agreement breach?
  13. Can you set up surveillance cameras in your building that capture tenant faces?
  14. Can a tenant ask what information you hold about them?
  15. Can other tenants collect information on a tenant?
  16. How long can you retain a tenant’s information?
  17. Is there a prescribed process for personal information destruction?
  18. Can you disclose personal information to pursue a debt?
  19. Can police agencies demand tenant information from you?
  20. Can police agencies demand the landlord allow them entry to a tenant’s unit?

Short (and incomplete) answers:
  1. No.
  2. Yes, but can be implied.
  3. Yes.
  4. Name, address, date of birth.
  5. No law currently prevents landlords from asking for a SIN for purposes such as identification.
  6. No.
  7. No.
  8. Privacy law doesn’t prevent such requests but information must be fully protected.
  9. Informal checks are a collection of personal information – permission required, privacy laws apply.
  10. Not to an unregulated or ad hoc list.
  11. No.
  12. Strict rules apply.
  13. Strict rules apply.
  14. Yes.
  15. Generally, no.
  16. No prescribed period but not indefinitely.
  17. No but “must be done appropriately”.
  18. Strict rules apply. Disclosure to a tenant’s family, co-workers or on social media is not allowed.
  19. Strict rules apply, specific documentation required.
  20. Maybe, if police declare it an emergency. Otherwise, warrant usually required or 24-hours’ notice to tenant. Strict rules apply.

Now, be honest with yourself: how well did you score? More importantly, do you have all of the above risk exposures covered in your Rental Application form and Standard Lease appendix B clauses?

Posted by Jay McDouall on
Email Send a link to post via Email

Leave A Comment

Please note that your email address is kept private upon posting.