First Reference company logo

First Reference Talks

News and Discussions on Payroll, HR & Employment Law

decorative image

Personal Information Protection and Electronic Documents Act

Workplace data theft – Protect your company with best practices

The Capital One Data Breach has been big news lately, and for good reason. It’s a big deal. This breach compromised the data of over 100 million Capital One customers. Instead of a shadowy overseas hacker or a creepy crawler from the dark web, the hacker was a former employee of the cloud hosting company through which Capital One stored their data.

 

, , , , , , , , ,

PIPEDA Interpretation Bulletin regarding safeguards

The Privacy Commissioner of Canada has an Interpretation Bulletin dealing with privacy safeguards that can serve as helpful guidance for organizations who are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).

 

, , , , , , , ,

Recent reports regarding privacy: 2018-2019 survey of Canadians on privacy and 2017 survey of Canadian businesses on privacy-related issues

The Privacy Commissioner of Canada has a mandate to protect and promote privacy rights of Canadians, and this includes conducting public opinion research with the general population and also with Canadian businesses on privacy-related issues.

 

, , , , , , , , ,

Privacy Commissioner of Canada’s consent guidelines are in effect as of January 1, 2019

Last spring, the Office of the Privacy Commissioner of Canada released an important guidance document concerning meaningful consent. It now applies as of January 1, 2019.

 

, , , , , , ,

Three popular articles this week on HRinfodesk

The three popular articles this week on HRinfodesk deal with a recent Ontario Court of Appeal decision that clarified the limitation period for a wrongful dismissal claim starts as soon as working notice is provided, the Morneau Shepell survey which shows employers in Canada are expecting salaries to increase by an average of 2.6 percent in 2019, and guidelines on obtaining meaningful consent.

 

, , , , , , , , , , , , , , , , , , , , , , , ,

Privacy Commissioner of Canada provides guidance on meaningful consent

Obtaining meaningful consent represents a significant responsibility, and the Privacy Commissioner has created a checklist to assist organizations in achieving compliance.

 

, , , , , , , ,

Privacy Commissioner of Canada provides guidance on inappropriate data practices

The Privacy Commissioner has outlined several “No-Go Zones”, and organizations are recommended to avoid collection, use and disclosure of personal information for these inappropriate purposes.

 

, , , , , , , , , , , , , , , , , ,

The European Union’s General Data Protection Regulation (GDPR) took effect on May 25, 2018 – what does this mean for Canadian organizations?

When determining whether the GDPR applies to our organization, it is important to ask questions such as, “Do I have an establishment in the EU?”, “Do I offer goods or services to individuals in the EU?”, and “Do I monitor the behaviour of individuals in the EU?”

 

, , , , , , , , , , , , , ,

PHIPA fines in the workplace

This spring the largest penalty to date was issued under Ontario’s Personal Health Information Protection Act (PHIPA). A social work student was convicted of accessing personal health information without authorization, and ordered pay a $20,000 fine and a $5,000 victim fine surcharge.

 

, , , , , , , , ,

Principle of accountability under PIPEDA

Under Personal Information Protection and Electronic Documents Act (PIPEDA), there is nothing that prevents organizations from outsourcing the processing of data inside or outside of Canada—however, organizations must take all reasonable steps to protect that information from unauthorized uses and disclosures when it is in the hands of third party processors. This is where accountability, the first principle in PIPEDA, comes in; and there are obligations to meet regarding training staff that are highly relevant.

 

, , , , , , , ,

“Safeguarding” personal information clarified

You may be wondering, what exactly is “safeguarding” personal information? Thankfully, the Office of the Privacy Commissioner of Canada has clarified how safeguarding can reduce the risk of privacy breaches.

 

, , , , , , ,

Three popular articles this week on HRinfodesk

The three popular articles this week on HRinfodesk deal with: an employee who described their workplace as a “sh*t hole” on Facebook was found to be justly terminated; how to prepare for marijuana legalization in Canada; and a pension and benefit plan provider who breached privacy law, causing an employee to lose life insurance coverage.

 

, , , , , , , , , , , , , , , ,

Genetic non-discrimination: Update on Bill S-201

Bill S-201 would prohibit any person from requiring an individual to undergo a genetic test as a condition of: providing goods or services to that individual; entering into or continuing a contract or agreement with that individual; or offering or continuing specific terms or conditions in a contract or agreement with that individual. Those who contravene the rules would be subject to severe penalties.

 

, , , , , , , , , , , ,

Three popular articles this week on HRinfodesk

The three popular articles this week on HRinfodesk deal with: An employee’s complaint regarding video surveillance cameras pointed toward her work area without the employer informing her of the installation; an FAQ that looks at an employer’s overpayment of vacation pay on a former employee’s final pay; and the Ontario Ministry of Labour’s plan to conduct targeted employment standards and occupational health and safety blitzes in workplaces across the province over the next year.

 

, , , , , , , , , , , ,

Digital Privacy Act is now law

The Digital Privacy Act (Bill S-4) passed into law, introducing (among other things) significant fines and mandatory breach notification (not yet in force) into the Personal Information Protection and Electronic Documents Act (PIPEDA).

 

, , , , , , , , , ,

Previous Posts