Canada's Federal Privacy Commissioner Jennifer Stoddart
today released a position paper which offers a roadmap for
modernizing Canada's federal private-sector privacy law,
Personal Information Protection and Electronic Documents
Act (PIPEDA), so that it more effectively tackles current and
future privacy issues.
The paper specifically mentions the need for PIPEDA reform, in
light of Big Data. The privacy landscape that existed when PIPEDA
began coming into force back in 2001 was dramatically
"There was no Facebook, no Twitter and no Google Street
View. Phones weren't smart. 'The cloud' was something
that threatened picnic plans," says Commissioner Stoddart.
"The purpose of our privacy law – to balance privacy
and legitimate business needs – is no longer being met. The
legislation lacks mechanisms strong enough to ensure organizations
invest appropriately in privacy. As a result, consumer trust in the
digital economy is at risk."
The recommendations outlined in the new paper include:

Stronger enforcement powers: Options include
statutory damages to be administered by the Federal Court;
providing the Privacy Commissioner with order-making powers and/or
the power to impose administrative monetary penalties where

Breach notification: Require organizations to
report breaches of personal information to the Privacy Commissioner
and to notify affected individuals, where warranted. Penalties
should be applied in certain cases. A recent poll found that
virtually all Canadians – 97 percent – would want to be
notified of a breach involving their personal information.

Increase transparency: Add public reporting
requirements to shed light on the use of an extraordinary exception
under PIPEDA which allows law enforcement agencies and government
institutions to obtain personal information from companies without
consent or a judicial warrant for a wide range of purposes,
including national security; the enforcement of any laws of Canada,
provinces or foreign countries; or investigations or
intelligence-gathering related to the enforcement of these

Promote accountability: Amend PIPEDA to
explicitly introduce "enforceable agreements" to help
ensure that organizations meet their commitments to improve their
privacy practices following an investigation or audit.

"We live in a global world. Canada needs to ensure its
privacy legislation evolves to keep up with laws in other countries
with stronger enforcement powers," says Commissioner Stoddart.
"Canada cannot afford to be left behind other jurisdictions,
with little in the way of consequences for those that do not
respect our privacy law."
PIPEDA contains a provision requiring a review of the
legislation every five years to ensure that the legislation is
operating as it should, with the desired effects. The first review
began in 2006, and resulted in recommendations from the Standing
Committee on Access to Information, Privacy and Ethics (ETHI) to
the government. The government responded to the Committee by
introducing legislation in 2010, which died on the Order Paper
nearly one year later when an election was called. It was later
re-introduced as Bill C-12 in the fall of 2011, which, as of the
date of this publication, has not passed Second Reading. The second
review of PIPEDA is also now overdue.
In 2012, the ETHI Committee studied privacy and social media. On
April 23, 2013, the Committee issued its report on Privacy and Social Media in the Age of Big
Data, which included recommendations and asked for a government
response. The study provided an important opportunity to examine
many of the emerging privacy issues related to new technology.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.