Canada to amend PIPEDA with the Digital Privacy Act

Bill S-4, the Digital Privacy Act (An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act,) was given First Reading in the Senate today.  The summary of the Bill describes the proposed amendments as follows:

This enactment amends the Personal Information Protection and Electronic Documents Act to, among other things,
(a) specify the elements of valid consent for the collection, use or disclosure of personal information;
(b) permit the disclosure of personal information without the knowledge or consent of an individual for the purposes of
(i) identifying an injured, ill or deceased individual and communicating with their next of kin,
(ii) preventing, detecting or suppressing fraud, or
(iii) protecting victims of financial abuse;
(c) permit organizations, for certain purposes, to collect, use and disclose, without the knowledge or consent of an individual, personal information
(i) contained in witness statements related to insurance claims, or
(ii) produced by the individual in the course of their employment, business or profession;
(d) permit organizations, for certain purposes, to use and disclose, without the knowledge or consent of an individual, personal information related to prospective or completed business transactions;
(e) permit federal works, undertakings and businesses to collect, use and disclose personal information, without the knowledge or consent of an individual, to establish, manage or terminate their employment relationships with the individual;
(f) require organizations to notify certain individuals and organizations of certain breaches of security safeguards that create a real risk of significant harm and to report them to the Privacy Commissioner;
(g) require organizations to keep and maintain a record of every breach of security safeguards involving personal information under their control;
(h) create offences in relation to the contravention of certain obligations respecting breaches of security safeguards;
(i) extend the period within which a complainant may apply to the Federal Court for a hearing on matters related to their complaint;
(j) provide that the Privacy Commissioner may, in certain circumstances, enter into a compliance agreement with an organization to ensure compliance with Part 1 of the Act; and
(k) modify the information that the Privacy Commissioner may make public if he or she considers that it is in the public interest to do so

A Government press release describing the Bill can be found here.

Print Friendly, PDF & Email

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

automated decision making

Using privacy laws to regulate automated decision makingUsing privacy laws to regulate automated decision making



Making decisions about individuals using computers and computer algorithms is now commonplace. There are now also increasing proposals to use privacy laws to regulate automated decision making. One of the first explicit attempts to regulate ...

Alberta PIPA violates Charter says Supreme Court in IPC v United Food and Commercial WorkersAlberta PIPA violates Charter says Supreme Court in IPC v United Food and Commercial Workers



The Supreme Court released a landmark decision today in the  Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401, 2013 SCC 62 case. In short, the Court found that while Alberta’s ...

%d bloggers like this: