Canadian businesses report increased knowledge of
privacy issues, but little progress in implementing privacy
policies or response plans for data breaches – placing them
at risk for new enforcement activities and fines.
The Office of the Privacy Commissioner of Canada
("OPC") recently commissioned a
telephone survey of 1,016 Canadian companies to find out how
Canadian businesses fare with their privacy knowledge and
protections. The informative report on the survey, the 2015
Public Opinion Research with Canadian Businesses on Privacy-Related
Issues, can be accessed here.
It turns out that while much has changed, much has also stayed
the same. A summary of some of the highlights from the survey
report is provided below.
Privacy Knowledge Increasing
There are a few notable areas where companies have improved in
their knowledge of and compliance with privacy issues. For
instance, companies are increasingly familiar with privacy
legislation and have policies or procedures in place to assess
Now, more than ever, the majority of companies are at least
"somewhat familiar" with their responsibilities under
Canada's privacy laws. Fifty-nine percent of business
executives said their company has taken steps to ensure that it
complies with the Personal Information Protection and
Electronic Documents Act (PIPEDA), and the majority of these
respondents said that they have not found compliance to be
In addition, the vast majority of companies now use tools to
protect customer information such passwords, firewalls and
encryption, more than the last survey conducted in 2013.
These findings suggest an increase in the general knowledge of
privacy obligations and concerns, as well as some greater action on
behalf of companies to protect customer information.
Privacy Compliance Lagging
There has been less improvement with respect to dealing with
actual privacy data breaches. The OPC's survey results show
only a modest increase in the number of companies who have policies
and procedures in place in case of an actual breach.
Moreover, less than half of respondents reported having privacy
policies to inform customers about what kind of personal
information they collect and how the information is used.
Finally, the number of respondents who said their company is
"highly aware" of its responsibilities under Canada's
privacy laws is virtually unchanged from 2013.
These trends should change more readily particularly given the
OPC's now broader powers to enforce and penalize for privacy
here for more details).
Peerenboom v Marvel Entertainment (2016 NY Slip Op 31957(U)) is drama-driven case in which the New York County Supreme Court afforded Toronto businessman Harold Peerenboom the right to obtain the private emails...
The Supreme Court of Canada released a landmark decision today giving important guidance on how Canada's federal privacy law, the Personal Information Protection and Electronic Documents Act, should be interpreted.
The Ontario Superior Court of Justice recently approved a settlement agreement in the Lowanski v The Home Depot class action, a decision that highlights adequate protection and a sufficient response can significantly reduce the legal risks after a data breach.
The October 19, 2016 judgment of the European Court of Justice in the matter brought by Patrick Breyer against the Federal Republic of Germany (the "EU Decision") raises the issue of whether an IP address is personal information under the EU Directive 95/46/EC and provides an interesting comparison with the Canadian perspective.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).