On January 21 we attended an online seminar regarding scheduled changes to Canada’s privacy laws. The event was hosted by Michael Argast and Keith Deighton of cyber security firm Kobalt and featured a presentation from Vancouver-based Privacy & Cybersecurity Lawyer, Ritchie Po.
As per Po, Bill C-11 was introduced on November 17, 2020 with the intent to replace Part 1 of the Personal Information & Protection of Electronic Documents Act (PIPEDA) with the Consumer Privacy Protection Act (CPPA). When passed, Bill C-11 will:
- Update existing legislation,
- Create a new administrative tribunal to hear appeals of decisions made by the Privacy Commissioner,
- Allow individuals to request deletion their personal data (with certain exceptions),
- Allow for data mobility,
- Provide details of ‘business activity’ exemptions, and
- Outline the penalties that can be imposed for non-compliance – penalties that for the most serious violations have been described as “the strongest among the G7”.
Bill C-11 is not yet law – it will be going through committee review and industry consultation – but Po noted that a decision will be coming this year and anticipates a time allotment for compliance.
In the interim, Po suggested businesses protect themselves by enacting strong privacy protection measures, conducting impact assessments, reviewing record management and privacy breach handling/reporting processes, as well as education and training (more about business protection in this article). For additional reading on the coming changes to Canada’s privacy laws, click here.