I thought this might be a good opportunity to remind people that Canada has bank secrecy laws too. Remember PIPEDA.
From the privacy commissioner
PIPEDA requires private-sector organizations to collect, use or disclose your personal information by fair and lawful means, with your consent, and only for purposes that are stated and reasonable.
They’re also obliged to protect your personal information through appropriate security measures, and to destroy it when it’s no longer needed for the original purposes.
You have the right to expect the personal information the organization holds about you to be accurate, complete and up-to-date. That means you have a right to see it, and to ask for corrections if they got it wrong.
If you think an organization covered by PIPEDA is not living up to its obligations, you should try to address your concerns directly with the organization. If that doesn’t work, you have the option of lodging a complaint with the Privacy Commissioner.
PIPEDA applies to the personal information collected, used or disclosed by organizations engaged in commercial activities, from banks and retail outlets to airlines, communications companies and law firms. It applies equally to small and big businesses, whether they operate out of an actual building or only online. The law, which has been fully in force since 2004, applies to private enterprises across Canada.
There are exceptions: Many private enterprises operating within British Columbia, Alberta and Quebec are covered not by PIPEDA but by similar provincial statutes.
But, even in those provinces, PIPEDA applies to organizations under federal jurisdiction, such as companies involved in banking, transportation, broadcasting or telecommunications. For those businesses, PIPEDA also applies to the personal information of employees.
Another law, called the Privacy Act, protects the privacy of your dealings with federal government departments, agencies and Crown corporations