TC Design
Privacy Notice Statement
- Hannah Jolley
Privacy Notice Statements (PNS) provide users with essential information about how their personal information is being collected, used and protected, and by whom. PNS' only cover the information that is mandatory for the requested product or service, and information that the program is legally authorized to collect. To learn more about what information your program is authorized to collect, review your programs Personal Information Bank.
Tip: Personal information is data that can be used to identify an individual such as name, email address, phone number, date of birth, license number and more.
When to use this Component
Use a Privacy Notice Statement (PNS) whenever your application collects identifiable personal information (with legal authority) that is required to successfully complete the product or service the user is trying to access
When not to use this Component
Don’t use a Privacy Notice Statement (PNS) if you are collecting personal information that is not required to complete the product or service the user is trying to access. For example, collecting email addresses to sign up for a newsletter or mailing list. The user must provide explicit consent for this
Don’t use a Privacy Notice Statement if you are not collecting personal information
Best practices
Do
Engage with ATIP at the beginning of the design process to ensure privacy considerations are integrated from the outset
Have your Privacy Notice Statement (PNS) reviewed by ATIP to ensure it aligns with privacy and legal requirements before implementation
PNS should be presented to the user on a dedicated page before they enter their personal information
Ensure the Privacy Notice Statement (PNS) is prominent on the page, it should be easily visible to users without requiring any interaction
PNS should be written in plain language, use no technical jargon, and be kept short to enhance readability
Use a PNS regardless of who your users are. A PNS is required for internal users (employees) if you are collecting their personal information
Ensure users can review the PNS any time
Don’t
Don’t wait until users have input their personal information to show them the PNS, even if they have not submitted it yet
Don’t ask users to consent to the PNS. Consent should only be explicitly sought for additional information not covered in the PNS
Don’t hide the PNS behind an accordion or link to another page, they should be visible and accessible to users
Tips
If you’re not sure whether you need a PNS or would like help reviewing your PNS, you can email ATIP at tc.privacyquestions-questionsvieprivee.tc@tc.gc.ca to set up a consultation
PNS template
Use this text template with the appropriate information as your application or services Privacy Notice Statement. The information needed to fill in the blanks can be found in your program’s Personal Information Bank. Your Privacy Notice Statement should be displayed on a dedicated page prior to the user being asked to provide their personal information.
“Privacy Notice Statement (H1)
As per Personal Information Bank [insert PIB number and link], personal information is collected under the authority of the [insert and link to relevant legislation] for the purpose of [insert specific purpose or activity] for the [insert program]. Your information personal information will be disclosed to [insert parties]. Failure to provide this information will result in [consequence].
Your rights (H2)
You have the right to:
Access the personal information we hold about you.
Correct any inaccuracies in your personal information.
Protect your personal information under the Privacy Act.
Complaints (H2)
If you have concerns about how we handle your personal information, you have the right to file a complaint with the Privacy Commissioner of Canada.”
Example
Resources
Government of Canada resources
Directive on Privacy Practices - 4.2.10
External resources
TC Design