On December 10, 2015, the Privacy Commissioner of Canada released an annual report to Parliament highlighting a result of an audit of the government’s management of portable storage devices and reported data breaches.
The Digital Privacy Act (Bill S-4) passed into law, introducing (among other things) significant fines and mandatory breach notification (not yet in force) into the Personal Information Protection and Electronic Documents Act (PIPEDA). Organizations which handle personal information in the course of their commercial activities will want to undertake a review of their privacy policies and security safeguards. In light of the new power to levy significant monetary penalties, boards of directors may want to review their organization’s allocation of risk around these issues.
All new measures under the Digital Privacy Act are now in force, except for the data breach requirements (see discussion below).
The Digital Privacy Act introduces some provisions that will improve the operation of PIPEDA (for instance, introducing targeted exceptions to the consent principle, and expanding the scope of “business contact information” that will not be treated as “personal information”). However, there are four areas that … Continue reading “Businesses should re-evaluate approach to privacy with passage of Digital Privacy Act”
A question that I often get from clients is one about cyber-insurance. In light of the recent passing of Bill S-4, better known as the Digital Privacy Act, the Personal Information Protection and Electronic Act has now been amended to include mandatory breach notification provisions. While these mandatory breach notification provisions are not yet in force, it is a good time to review your cyber-insurance coverage.