It’s Time to Update PIPEDA’s Privacy Protection Provisions

The Personal Information Protection and Electronic Documents Act (PIPEDA) received Royal Assent on April 13, 2000 and came into force in stages between January 1, 2001 and January 1, 2004.  When drafting Part 1 of the act – Protection of Personal Information in the Private Sector – lawmakers didn’t have to contend with the widespread use of content sharing applications such as Google Street View and Flickr and the privacy implications they present.  The dawn of social media has significantly affected how personal information is collected, used and disclosed but PIPEDA remains unchanged.

To address the privacy implications of those technologies and introduce greater safeguards, Jennifer Stoddart (the Privacy Commissioner) is once again calling for updates to PIPEDA’s privacy provisions.  In the newly released position paper, The Case for Reforming the Personal Information Protection and Electronic Documents Act, the Commissioner makes four recommendations for modernizing the privacy law:

  • Provide stronger enforcement powers such as statutory damages or giving the Commissioner the power to make orders
  • Require organizations to report personal information breaches and notify affected individuals so appropriate mitigating measures can be taken in a timely manner
  • Require organizations to publicly report on the number of disclosures they make to law enforcement without knowledge or consent and without judicial warrant
  • Modify the accountability principle in Schedule 1 to require organizations to demonstrate accountability upon request, incorporate the concept of ‘enforceable agreements’, and make certain accountability provisions subject to review by the Federal Court.

Commissioner Stoddart also addressed the need for reform in her May 23rd address at the 2013 Canada Privacy Symposium of the International Association of Privacy Professionals (IAPP).  You can read the Commissioner’s speech here.

This is not the first time the Commissioner has recommended an overhaul of Canada’s outdated privacy laws in the past 10 years.  This position paper is, however, likely her last kick at the can since her term expires in 7 months.

What remains to be seen is how the government will react to the recommendations.  Is the government prepared to – finally – overhaul PIPEDA’s privacy provisions or will this position paper, like others before it, just gather dust on a shelf?

About the Author

Sheila Taylor is a well-known consultant, educator, speaker and writer with more than 25 years of experience in the information management (IM) field.
