The Personal Information Protection and Electronic Documents Act (PIPEDA) received Royal Assent on April 13, 2000 and came into force in stages between January 1, 2001 and January 1, 2004. When drafting Part 1 of the act – Protection of Personal Information in the Private Sector – lawmakers didn’t have to contend with the widespread use of content sharing applications such as Google Street View and Flickr and the privacy implications they present. The dawn of social media has significantly affected how personal information is collected, used and disclosed but PIPEDA remains unchanged.
To address the privacy implications of those technologies and introduce greater safeguards, Jennifer Stoddart (the Privacy Commissioner) is once again calling for updates to PIPEDA’s privacy provisions. In the newly released position paper, The Case for Reforming the Personal Information Protection and Electronic Documents Act, the Commissioner makes four recommendations for modernizing the privacy law:
- Provide stronger enforcement powers such as statutory damages or giving the Commissioner the power to make orders
- Require organizations to report personal information breaches and notify affected individuals so appropriate mitigating measures can be taken in a timely manner
- Require organizations to publicly report on the number of disclosures they make to law enforcement without knowledge or consent and without judicial warrant
- Modify the accountability principle in Schedule 1 to require organizations to demonstrate accountability upon request, incorporate the concept of ‘enforceable agreements’, and make certain accountability provisions subject to review by the Federal Court.
Commissioner Stoddart also addressed the need for reform in her May 23rd address at the 2013 Canada Privacy Symposium of the International Association of Privacy Professionals (IAPP). You can read the Commissioner’s speech here.
This is not the first time the Commissioner has recommended an overhaul of Canada’s outdated privacy laws in the past 10 years. This position paper is, however, likely her last kick at the can since her term expires in 7 months.
What remains to be seen is how the government will react to the recommendations. Is the government prepared to – finally – overhaul PIPEDA’s privacy provisions or will this position paper, like others before it, just gather dust on a shelf?