dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed

Avatars are for posers
Peterborough, ON
reply to Toastertech

Re: Info: Length of time Canadian ISPs retain IP address logs

said by Toastertech:

Personally if the ISP will not share this information with a prospective customer, in my case (if I had a choice) it would work the opposite way and make that company an immediate "no go".

4. (1) This Part applies to every organization in respect of personal information that
(a) the organization collects, uses or discloses in the course of commercial activities;
8. (1) A request under clause 4.9 of Schedule 1 must be made in writing.
(2) An organization shall assist any individual who informs the organization that they need assistance in preparing a request to the organization.
(3) An organization shall respond to a request with due diligence and in any case not later than thirty days after receipt of the request.

4.9 Principle 9 — Individual Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. Note: In certain situations, an organization may not be able to provide access to all the personal information it holds about an individual. Exceptions to the access requirement should be limited and specific. The reasons for denying access should be provided to the individual upon request. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege.

4.9.1 Upon request, an organization shall inform an individual whether or not the organization holds personal information about the individual. Organizations are encouraged to indicate the source of this information. The organization shall allow the individual access to this information. However, the organization may choose to make sensitive medical information available through a medical practitioner. In addition, the organization should provide an account of the use that has been made or is being made of this information and an account of the third parties to which it has been disclosed.

4.9.2 An individual may be required to provide sufficient information to permit an organization to provide an account of the existence, use, and disclosure of personal information. The information provided shall only be used for this purpose.

4.9.3 In providing an account of third parties to which it has disclosed personal information about an individual, an organization should attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed information about an individual, the organization should provide a list of organizations to which it may have disclosed information about the individual.

4.9.4 An organization shall respond to an individual's request within a reasonable time and at minimal or no cost to the individual. The requested information shall be provided or made available in a form that is generally understandable. For example, if the organization uses abbreviations or codes to record information, an explanation shall be provided.

4.9.5 When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, the organization shall amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.

4.9.6 When a challenge is not resolved to the satisfaction of the individual, the substance of the unresolved challenge should be recorded by the organization. When appropriate, the existence of the unresolved challenge should be transmitted to third parties having access to the information in question.

As part of the request specifically ask how long the retention logs are retained.



Where exactly is there a requirement that an organization should log the activities of the customer?

News flash, that's what court orders are for in criminal investigations.