Modernizing Canada’s Privacy Laws: What Employers Need to Know About Bill C-11

On November 17, 2020, the federal government introduced Bill C-11, An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts.

Reminder: Mandatory Data Breach Notification in Force on November 1, 2018

As we previously reported, as of November 1, 2018, the Personal Information Protection and Electronic Documents Act (PIPEDA) will require notification to affected individuals and the federal Office of the Privacy Commissioner (OPC) when a security incident involving personal information results in a “real risk of significant harm.” The supporting regulations published March 27, 2018…

PIPEDA Breach of Security Safeguards Regulations Published

Beginning November 1, 2018, the Personal Information Protection and Electronic Documents Act (PIPEDA) will require private sector organizations to provide notice to affected individuals and the federal Office of the Privacy Commissioner (OPC) when a security incident involving personal information results in a “real risk of significant harm.” The supporting regulations, Breach of Security Safeguards…

Mandatory Breach Notification Comes to Canada: What To Do About It

It’s been a long time coming, but we finally know that mandatory breach notification is coming to Canada. Beginning November 1, 2018, the Personal Information Protection and Electronic Documents Act (PIPEDA) will require notification to affected individuals and the federal Privacy Commissioner when a security incident involving personal information results in a “real risk of significant…

Federal Privacy Commissioner Weighs In Against Sharing Details of Employee Discipline

In a recently released decision summary, the Office of the Privacy Commissioner of Canada (OPC) held that a bank acted properly in deciding not to tell the victim of unauthorized access precisely how it had punished its offending employee (Employee). The victim, the complainant in this case, was a neighbour of the Employee who happened…

Federal Government Consults on PIPEDA Data Breach Regulations

On March 4, 2016, the federal government posted Data Breach Notification and Reporting Regulations (Regulations) for public discussion. Amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) enacted by the Digital Privacy Act (Bill S-4) will, upon proclamation, require private sector organizations to notify the public in circumstances where security safeguards involving their…

New Privacy Legislation in Manitoba

Organizations with operations in Manitoba need to be aware that the Manitoba Legislature has recently passed new privacy legislation that will apply to the private sector and, to a lesser degree, to the not-for-profit sector – The Personal Information Protection and Identity Theft Prevention Act (“PIPITPA” or the “Act”). PIPITPA will establish rules for the…

The Science of Data Breach Prevention and the Art of Breach Response

Organizations should be paying close attention to data loss prevention and response in light of recent developments. Recent media frenzies over the loss of portable storage devices illustrate that individuals’ fears and perceptions can cause great pressure on organizations even when the risk of real harm to individuals is remote. In addition, the risk of…

How the New Privacy Tort Will Affect Employers

On January 18th, 2012, the Court of Appeal for Ontario in Jones v. Tsige recognized a new “intrusion upon seclusion” civil cause of action. In this FTR Now, we describe the new cause of action (or “tort”) and identify its significance to employers. THE INTRUSION UPON SECLUSION TORT Under Ontario law it is now clear…