Modernizing Canada’s Privacy Laws: What Employers Need to Know About Bill C-11

On November 17, 2020, the federal government introduced Bill C-11, An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts.

Reminder: Mandatory Data Breach Notification in Force on November 1, 2018

As we previously reported, as of November 1, 2018, the Personal Information Protection and Electronic Documents Act (PIPEDA) will require notification to affected individuals and the federal Office of the Privacy Commissioner (OPC) when a security incident involving personal information results in a “real risk of significant harm.” The supporting regulations published March 27, 2018…

PIPEDA Breach of Security Safeguards Regulations Published

Beginning November 1, 2018, the Personal Information Protection and Electronic Documents Act (PIPEDA) will require private sector organizations to provide notice to affected individuals and the federal Office of the Privacy Commissioner (OPC) when a security incident involving personal information results in a “real risk of significant harm.” The supporting regulations, Breach of Security Safeguards…

Mandatory Breach Notification Comes to Canada: What To Do About It

It’s been a long time coming, but we finally know that mandatory breach notification is coming to Canada. Beginning November 1, 2018, the Personal Information Protection and Electronic Documents Act (PIPEDA) will require notification to affected individuals and the federal Privacy Commissioner when a security incident involving personal information results in a “real risk of significant…

The Right to Be Forgotten Comes to Canada

On January 26, 2018, the Office of the Privacy Commissioner of Canada issued a new position on the protection of online reputation. In doing so the OPC recognized a right to have personal information de-indexed from search engine results if it is inaccurate, incomplete or out-of-date. Although the position is in draft, is nonetheless of…

Proposed Data Breach Regulations Under PIPEDA Published

On September 2, 2017, the federal government published the proposed regulatory text of the Breach of Security Safeguards Regulations (Regulations) made under the Personal Information Protection and Electronic Documents Act (PIPEDA). Interested persons have been invited to make representations on the Regulations. As previously reported, amendments to the PIPEDA enacted by the Digital Privacy Act…

Procedural Power of Courts Not Constrained by PIPEDA

In Royal Bank of Canada v. Trang, the Supreme Court of Canada held that the Personal Information Protection and Electronic Documents Act (PIPEDA) does not interfere with the procedural powers of a court. The decision arose out of a situation in which past judicial interpretation and application of PIPEDA had impeded the ability of the…

Federal Privacy Commissioner Uses Ashley Madison Incident to Promote Good Information Governance

Organizations subject to Canadian privacy law should be aware that the Office of the Privacy Commissioner of Canada (together with the Australian Information Commissioner) recently issued a report on the 2015 breach of the Ashley Madison website – a breach that affected nearly 35 million individuals who had used the online dating site for adults…