The Digital Privacy Act (Bill S-4) passed into law, introducing (among other things) significant fines and mandatory breach notification (not yet in force) into the Personal Information Protection and Electronic Documents Act (PIPEDA). Organizations which handle personal information in the course of their commercial activities will want to undertake a review of their privacy policies and security safeguards. In light of the new power to levy significant monetary penalties, boards of directors may want to review their organization’s allocation of risk around these issues.
All new measures under the Digital Privacy Act are now in force, except for the data breach requirements (see discussion below).
The Digital Privacy Act introduces some provisions that will improve the operation of PIPEDA (for instance, introducing targeted exceptions to the consent principle, and expanding the scope of “business contact information” that will not be treated as “personal information”). However, there are four areas that …