• First Reference
  • About us
  • Contact us
  • Blog Signup 📨

First Reference Talks

Discussions on Human Resources, Employment Law, Payroll and Internal Controls

  • Home
  • About
  • Archives
  • Resources
  • Buy Policies
You are here: Home / Business / Amendments to PIPEDA disappoint privacy watchdogs

By Colin Braithwaite | 2 Minutes Read June 17, 2010

Amendments to PIPEDA disappoint privacy watchdogs

privacy-act
Image taken from: www.cba.org

On May 29, the federal government introduced Bill C-29, the Safeguarding Canadians’ Personal Information Act, which makes substantial changes to the Personal Information Protection and Electronic Documents Act (PIPEDA). The Bill had been in development for several years, and one of its primary objectives was to address a significant gap in PIPEDA, the issue of mandatory disclosure of “material” breaches of personal information by the companies or organizations responsible.
Although Bill C-29 does address this issue, it’s the way that disclosures are classified as material, and the lack of penalties for non-disclosure that have critics unhappy, like Michael Geist and Janet Lo, counsel with the Public Interest Advocacy Centre. Under the new legislation, the organizations responsible for the breaches get to decide if they are material and must be reported to the Privacy Commissioner (based on a number of criteria, such as the sensitivity of the information, the number of customers affected and an assessment by the company that concludes the cause of the breach indicates a systemic problem).
Companies also have the discretion to decide if they must inform the individuals whose personal information has been breached, based on whether the breach poses a real risk of significant harm (e.g., identity theft, fraud or damage to reputation). And there are no monetary penalties for sweeping significant data breaches under the rug. This is in contrast to laws in several United States jurisdictions that define the responsibility to report breaches with more precision, and either impose hefty fines for breaches or grant the right of those affected to sue the company responsible.
Confidentiality and Privacy policies are featured in all of First Reference’s Internal Control Library publications. See policy IT 8.04 in Information Technology PolicyPro, policy NP 1.08 in Not-for-Profit PolicyPro, and policy GV 1.11 in Finance and Accounting PolicyPro.
Colin Braithwaite
First Reference Internal Controls Managing Editor

  • About
  • Latest Posts
Follow me
Colin Braithwaite
Freelance editor at Colin Braithwaite Editorial Services
Colin Braithwaite has more than 20 years experience in writing and publishing. From 2004–2010, Colin was the Managing Editor responsible for the products in the Internal Control Library at First Reference Inc.
Follow me
Latest posts by Colin Braithwaite (see all)
  • Facebook faces privacy questions… again - July 8, 2010
  • Ontario introduces not-for-profit corporations act - July 8, 2010
  • Draft of new national securities act introduced - June 29, 2010

Article by Colin Braithwaite / Business, Privacy / disclosure of personal information, employee personal information, employment law, Finance and Accounting PolicyPro, Human Resources, information breaches, Information Technology PolicyPro, Janet Lo, Michael Geist, not-for-profit policypro, personal information, personal information protection, Personal Information Protection and Electronic Documents Act, PIPEDA, privacy, privacy breach, privacy legislation, Safeguarding Canadians' Personal Information Act

Share with a friend or colleague

Get the Latest Posts in your Inbox for Free!

Electronic monitoring

About Colin Braithwaite

Colin Braithwaite has more than 20 years experience in writing and publishing. From 2004–2010, Colin was the Managing Editor responsible for the products in the Internal Control Library at First Reference Inc.

Footer

About us

Established in 1995, First Reference is the leading publisher of up to date, practical and authoritative HR compliance and policy databases that are essential to ensure organizations meet their due diligence and duty of care requirements.

First Reference Talks

  • Home
  • About
  • Archives
  • Resources
  • Buy Policies

Main Menu

  • About First Reference
  • Resources
  • Contact us
  • 1 800 750 8175

Stay Connected

  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

We welcome your comments on our blog articles. However, we do not respond to specific legal questions in this space.
We do not provide any form of legal advice or legal opinion. Please consult a lawyer in your jurisdiction or try one of our products.


Copyright © 2009 - 2023 · First Reference Inc. · All Rights Reserved
Legal and Copyright Notices · Publisher's Disclaimer · Privacy Policy · Accessibility Policy