On February 3, 2021, the conclusions of a joint investigation conducted by the Office of the Privacy Commissioner of Canada (OPC), the Commission d'accès à l'information du Québec (QC Commission), the Office of the Information and Privacy Commissioner of British Columbia (BC OIPC) and the Office of the Information and Privacy Commissioner of Alberta (AB OIPC), collectively referred to as the Offices, were released—finding that Clearview AI violated the privacy rights of Canadians.
On November 16, 2020, the federal government introduced the Consumer Privacy Protection Act (“CPPA”), which, if enacted, will provide organizations with greater clarity regarding their obligations when engaging third party service providers to process personal information outside Canada. In this blog, we explore how the core concepts of cross-border transfers of personal information for processing are evolving after a brief period of major uncertainty.
On December 14, 2020, the Privacy Commissioner of Canada, Daniel Therrien, issued a statement regarding the recent data breach at Desjardins. The statement involved the investigation conducted under the Personal Information Protection and Electronic Documents Act (PIPEDA) concerning the largest ever data breach in Canada’s financial services sector. Plainly put, the investigation revealed that Desjardins did not demonstrate the appropriate level of attention required to protect the sensitive personal information entrusted to its care.