On November 17, 2020, the Minister of Innovation, Science and Industry, Navdeep Bains, tabled proposed legislation in Parliament that aims to overhaul Canada’s data privacy law. Bill C-11, entitled An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Act, will create new data privacy obligations and new enforcement mechanisms for these obligations if it becomes law.… Continue Reading
Happy Data Privacy Day! Data Privacy Day represents a timely opportunity to highlight anticipated significant developments in Canadian privacy law in 2020 that we are monitoring following two major developments from the Government of Canada.… Continue Reading
On September 23, the Office of the Privacy Commissioner of Canada (OPC) announced, following consultation with stakeholders, that it will maintain the position set out in its 2009 guidelines that an organization’s transfer of personal information to a third party for processing, including a transfer across the Canadian border, is a “use” of that personal information, and not a disclosure that requires separate consent.
This announcement brings at least temporary clarity to an issue that resulted in a tumultuous summer for organizations and the OPC alike as everyone grappled with the potential consequences of the OPC’s June … Continue Reading
Like many organizations in Canada, yours is probably not fully prepared for the mandatory breach reporting requirements coming into force under the federal Personal Information Protection and Electronic Documents Act (PIPEDA) November 1, 2018.
Here are three measures your organization ought to take in preparation for mandatory breach reporting:
1. Implement internal breach reporting and response protocols.
Organizations subject to PIPEDA will be required to separately report to individuals and to the Privacy Commissioner of Canada breaches of “security safeguards” involving personal information that pose “a real risk of significant harm” to individuals.
It is likely few employees in an … Continue Reading
Starting on November 1, organizations across Canada subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) will be required to provide notice of certain privacy breaches.
The breach reporting requirements relate to a “breach of security safeguards,” which is defined in PIPEDA as: the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards, or from a failure to establish those safeguards.
If it is reasonable to believe the breach of security safeguards creates a real risk of significant harm to the individual:
- Organizations will be required to
Earlier this year, a Canadian trial court ruled that Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) has extra-territorial application and restricts the dissemination of personal information of Canadians, even where the information is already public, and even though it is made available from outside Canada.… Continue Reading
On June 18, 2015, Canada’s Senate and House of Commons passed the Digital Privacy Act to amend the country’s federal Personal Information Protection and Electronic Documents Act (PIPEDA). Many of the amendments are scheduled to come into force on a date to be determined by the government. The revised requirements (highlighted below) will have a significant impact on the treatment of personal information by organizations that are subject to PIPEDA. These are organizations that either are federally regulated and fall under the legislative authority of the Parliament of Canada, or operate within a province that does not have in place … Continue Reading