Standard on Privacy and Web Analytics

Aims to facilitate the use of web analytics in accordance with sound privacy practices that safeguard the privacy of visitors to Government of Canada websites.
Date modified: 2013-01-31

Supporting tools

Frequently asked questions:

More information

Directive:

Policy:

Terminology:

Topic:

Hierarchy

Print-friendly XML

Glossary

administrative purpose (fins administratives)
Is the use of personal information about an individual "in a decision making process that directly affects that individual" (section 3). This includes all uses of personal information for confirming identity (i.e. authentication and verification purposes) and for determining eligibility of individuals for government programs.
administrative safeguards
Policies, directives, rules, procedures and processes that aim to protect personal information throughout the life cycle of both the information and the program or activity (e.g., institutional security policy, security provisions in a service contract for the destruction of records).
annual report (rapport annuel)
Is a report submitted by the head of a government institution to Parliament on the administration of the Act during the financial year.
classes of personal information
Personal information that is not intended to be used for an administrative purpose or that cannot be retrieved by the name of the individual or another personal identifier (e.g., unsolicited opinions and general correspondence).
complainant (plaignant(e)
Is an individual who files a complaint with the Privacy Commissioner on any of the grounds set out in subsection 29(1) of the Act.
consistent use (usage compatible)
Is a use that has a reasonable and direct connection to the original purpose(s) for which the information was obtained or compiled. This means that the original purpose and the proposed purpose are so closely related that the individual would expect that the information would be used for the consistent purpose, even if the use is not spelled out.
creation of personal information
Any personal information element or sub-element that a government institution assigns to an identifiable individual regardless of whether the information is derived from existing personal information under the control of the government institution or the institution appends new information to the individual.
data matching (couplage des données)
Is an activity involving the comparison of personal information from different sources, including sources within the same government institution, for administrative or non-administrative purposes. The data-matching activity that is established can be systematic or recurring. The data-matching activity can also be conducted on a periodic basis when deemed necessary. Under this policy, data matching includes the disclosure or sharing of personal information with another organization for data-matching purposes.
delegate (délégué)
Is an officer or employee of a government institution who has been delegated to exercise or perform the powers, duties and functions of the head of the institution under the Act.
designated minister (ministre désigné)
Is a person who is designated as the Minister under subsection 3.1(1). For the purposes of this policy, the designated minister is the President of the Treasury Board.
digital markers

Mechanisms used to remember a visitor's online interactions with a website(s). These mechanisms may be used to record a visitor's online interactions within a single session or visit, or to record a visitor's online interactions through multiple sessions or visits.

direct collection
The collection of personal information from the individual to whom the information relates.
disclosure
The release of personal information by any method (e.g., transmission, provision of a copy, examination of a record) to any body or person.
excluded information (renseignements exclus)
Is the information to which the Act does not apply as described in sections 69, 69.1, 70 and 70.1.
exempt bank (fichier inconsultable)
Is a personal information bank that describes files, all of which consist predominantly of personal information that relates to international affairs, defence, law enforcement and investigation, as outlined in sections 21 and 22 of the Act. The head of a government institution can refuse to disclose any personal information requested that is contained in an exempt bank.
exemption (exception)
Is a mandatory or discretionary provision under the Act that authorizes the head of the government institution to refuse to disclose information in response to a request received under the Act.
first-party cookies

A cookie is a data file sent by a Web server to the Web browser on a visitor's computer that the Web server uses to track or record visitor information. First-party cookies are those cookies set by the website the visitor is visiting.

government institution (institution fédérale)
Is "any department or ministry of state of the Government of Canada, or any body or office, listed in the schedule; and, any parent Crown corporation, and any wholly-owned subsidiary of such a corporation, within the meaning of section 83 of the Financial Administration Act" (section 3). The term "government institution" does not include Ministers' Offices.
handling
Any process involving personal information, including collection, correction, creation, modification, use, retention, disclosure and disposition.
head (responsable)
Is the Minister, in the case of a department or ministry of state. In any other case, it is the person designated by the Privacy Act Heads of Government Institutions Designation Order. If no such person is designated, the chief executive officer of the government institution, whatever their title, is the head.
Implementation report (rapport de mise en oeuvre)
Is a notice issued by Treasury Board Secretariat to provide guidance on the interpretation and application of the Privacy Act and its related policy, directives, standards and guidelines.
indirect collection
The collection of personal information from a source other than the individual to whom the information relates.
Info Source (Info Source)
Is a series of annual Treasury Board Secretariat publications in which government institutions are required to describe their institutions, program responsibilities and information holdings, including PIBs and classes of personal information. The descriptions are to contain sufficient clarity and detail to facilitate the exercise of the right of access under the Privacy Act. Data-matching activities, use of the SIN and all activities for which privacy impact assessments were conducted have to be cited in Info Source PIBs, as applicable. The Info Source publications also provide contact information for government institutions as well as summaries of court cases and statistics on access requests.
Internet Protocol address

A numerical label assigned by the Internet service provider to each computer and is how the computer user communicates on the Internet. An Internet Protocol (IP) address may be associated with an identifiable individual whose computer is using that address at any given time and thus may, from time to time, constitute personal information within the meaning of section 3 of the Privacy Act. Versions of IP may change from time to time.

Internet service provider

An organization that provides access to the Internet.

material privacy breach
A privacy breach that involves sensitive personal information and could reasonably be expected to cause injury or harm to the individual.
multi-institutional privacy impact assessments (évaluations des facteurs relatifs à la vie privée multi-institutionnelles)
Is a privacy impact assessment that involves more than one government institution. (See definition of privacy impact assessment, below.)
new consistent use (nouvel usage compatible)
Is a consistent use that was not originally identified in the appropriate Personal Information Bank (PIB) description in the government institution's chapter in Info Source.
non-administrative purpose (fins non-administratives)
Is the use of personal information for a purpose that is not related to any decision-making process that directly affects the individual. This includes the use of personal information for research, statistical, audit and evaluation purposes.
original purpose
The purpose that was first identified when initiating the collection of personal information and that is directly related to an operating program or activity of the institution. A purpose that is not consistent with the original purpose is considered to be a secondary purpose.
personal information (renseignements personnels)
Is "information about an identifiable individual that is recorded in any form" (section 3). See section 3 of the Act for additional information.
personal information bank (fichier de renseignements personnels)
Is a description of personal information that is organized and retrievable by a person's name or by an identifying number, symbol or other particular assigned only to that person. The personal information described in the personal information bank has been used, is being used, or is available for an administrative purpose and is under the control of a government institution.
physical safeguards
The facilities and equipment that are used to protect personal information (e.g., locked storage rooms, locked filing cabinets).
predominantly
In the context of an exempt bank, means that more than half of the information in each file contained in the bank qualifies for an exemption under section 21 or 22 of the Act.
privacy breach
The improper or unauthorized creation, collection, use, disclosure, retention or disposition of personal information.
Privacy Commissioner (Commissaire à la protection de la vie privée)
Is an Officer of Parliament appointed by Governor in Council.
privacy impact assessment (évaluation des facteurs relatifs à la vie privée)
Is a policy process for identifying, assessing and mitigating privacy risks. Government institutions are to develop and maintain privacy impact assessments for all new or modified programs and activities that involve the use of personal information for an administrative purpose.
privacy notice
A verbal or written notice informing an individual of the purpose of a collection of personal information and of the government institution's authority for collecting, including creating, using and disclosing the information. The notice, which must reference the PIB described in Info Source, also informs the individual of his or her right to access, and request the correction of, the personal information and of the consequences of refusing to provide the information requested.
privacy practices
All practices related to the creation, collection, retention, accuracy, correction, use, disclosure, retention and disposition of personal information.
privacy protocol (protocol relatif à la protection des renseignements personnels)
Is a set of documented procedures to be followed when using personal information for non-administrative purposes including research, statistical, audit and evaluation purposes. These procedures are to ensure that the individual's personal information is handled in a manner that is consistent with the principles of the Act.
privacy request (demande de renseignements personnels)
Is a request for access to personal information under the Act.
program or activity (programme ou activité)
Is, for the purposes of the appropriate collection, use or disclosure of personal information by government institutions subject to this policy, a program or activity that is authorized or approved by Parliament. Parliamentary authority is usually contained in an Act of Parliament or subsequent Regulations. Parliamentary authority can also be in the form of approval of expenditures proposed in the Estimates and as authorized by an appropriation Act. Also included in this definition are any activities conducted as part of the administration of the program.
Regulatory Impact Analysis Statement (RIAS)
A tool used for regulatory reform that assesses the impact of a proposed regulation on the quality of the environment and on the health, safety, security, and social and economic well-being of Canadians.
reliable source
A source of information or a data holding that is deemed to be accurate and up-to-date and that can be trusted and relied on for the purposes of collecting or validating personal information.
requestor (requérant)
Is a person who is requesting access to personal information about himself or herself or who has requested that a correction be made or a notation attached to his or her personal information.
Social Insurance Number (SIN) (numéro d'assurance sociale (NAS)
Is a number suitable for use as a file number or account number or for data-processing purposes, as defined in subsection 138(3) of the Employment Insurance Act. For purposes of paragraph 3(c) of the Privacy Act, the SIN is an identifying number, and is therefore considered to be personal information.
statistical report (rapport statistique)
Is intended to provide up-to-date statistics on the operation of the legislation. The reports allow the government to monitor trends and to respond to enquiries from Members of Parliament, the public and the media. The reports also form the statistical portion of government institutions annual reports to Parliament. The forms used for preparing the report are prescribed by the designated minister, as provided under paragraphs 71(1)(c) and (e) of the Privacy Act.
technical safeguards
Information technology measures that are used to protect the facility, the equipment, and the support system where personal information is recorded and stored (e.g., electronic access control devices, audit controls).
third-party cookie

Third-party cookies are those set by a different domain than the website that the visitor is currently visiting.

Web analytics

The collection, analysis, measurement and reporting of data about Web traffic and user visits for purposes of understanding and optimizing Web usage.

Date modified: