It’s Time to Update PIPEDA’s Privacy Protection Provisions

The Personal Information Protection and Electronic Documents Act (PIPEDA) received Royal Assent on April 13, 2000 and came into force in stages between January 1, 2001 and January 1, 2004. When drafting Part 1 of the act – Protection of Personal Information in the Private Sector – lawmakers didn’t have to contend with the widespread use of content sharing applications such as Google Street View and Flickr and the privacy implications they present. The dawn of social media has significantly affected how personal information is collected, used and disclosed but PIPEDA remains unchanged.

To address the privacy implications of those technologies and introduce greater safeguards, Jennifer Stoddart (the Privacy Commissioner) is once again calling for updates to PIPEDA’s privacy provisions. In the newly released position paper, The Case for Reforming the Personal Information Protection and Electronic Documents Act, the Commissioner makes four recommendations for modernizing the privacy law:

Provide stronger enforcement powers such as statutory damages or giving the Commissioner the power to make orders
Require organizations to report personal information breaches and notify affected individuals so appropriate mitigating measures can be taken in a timely manner
Require organizations to publicly report on the number of disclosures they make to law enforcement without knowledge or consent and without judicial warrant
Modify the accountability principle in Schedule 1 to require organizations to demonstrate accountability upon request, incorporate the concept of ‘enforceable agreements’, and make certain accountability provisions subject to review by the Federal Court.

Commissioner Stoddart also addressed the need for reform in her May 23rd address at the 2013 Canada Privacy Symposium of the International Association of Privacy Professionals (IAPP). You can read the Commissioner’s speech here.

This is not the first time the Commissioner has recommended an overhaul of Canada’s outdated privacy laws in the past 10 years. This position paper is, however, likely her last kick at the can since her term expires in 7 months.

What remains to be seen is how the government will react to the recommendations. Is the government prepared to – finally – overhaul PIPEDA’s privacy provisions or will this position paper, like others before it, just gather dust on a shelf?

Organizational Data + An Internet Connection = A Recipe for Disaster

For many years, most organizations have had policies governing employees’ use of e-mail (e.g. no political solicitations, no profanity, etc.) and the Internet (e.g. don’t download or share information that’s offensive, illegal, discriminatory, etc.). And

April 4, 2014 No Comments

cloud

Government of Canada prohibits e-mail storage outside Canada

Due to the broad data/information collection, review, and retention provisions of the USA Patriot Act, RIM professionals have expressed concern about the risks to privacy rights and confidentiality when Canadian organizations store e-mails (and other

March 19, 2014 No Comments

admissibility

Privacy rights in the workplace

If you’re like me, you’ve read many e-mail and other records management policies stating that an employee should not expect any privacy when using a workplace computer (i.e. a computer owned by his/her employer). Many organizations are

December 21, 2012 No Comments

New Paper – Records Retention Scheduling II: Retention Schedule Development
Sheila Taylor’s latest chapter, “Records Retention Scheduling: Retention Schedule Development”, was published in the June 2021 supplement to Carswell’s Records … Read more
New Paper – Records Retention Scheduling I: Terminology and Concepts
Sheila Taylor’s latest chapter, “Records Retention Scheduling: Terminology and Concepts”, was published in the November 2020 supplement to Carswell’s Records … Read more
New Paper — Blockchain and Recordkeeping
Gregg Astoorian and Sheila Taylor have authored a new chapter for the November, 2018 supplement to Carswell’s Records and Information Management subscription-based … Read more