ARTICLE
4 December 2013

New Private Sector Privacy Legislation For Manitoba

SB
Smart & Biggar

Contributor

Smart & Biggar logo
Smart & Biggar uncovers and maximizes intellectual property and technology assets for our clients. Today’s fast-paced innovation economy demands a higher level of expertise and attention to detail when it comes to IP strategy and protection. With over 125 lawyers, patent agents and trademark agents collaborating across five Canadian offices, Smart & Biggar is trusted by the world’s leading innovators to find value in their IP rights. As market leaders in IP, Smart & Biggar’s team is on the pulse when it comes to the latest developments and the wider industry changes that impact our clients. To stay informed, visit smartbiggar.ca/insights, including access to our RxIP Update (smartbiggar.ca/insights/rx-ip-updates), a monthly digest of the latest decisions and law surrounding the life sciences and pharmaceutical industries.
Explore Firm Details
Lexpert Firm Profile
In September 2013, Manitoba became the most recent province with privacy legislation governing the collection, use and retention of personal information by private sector entities by passing The Personal Information Protection and Identity Theft Prevention Act (PIPITPA).
Canada Privacy
Bereskin & Parr LLP
Your Author LinkedIn Connections

In September 2013, Manitoba became the most recent province with privacy legislation governing the collection, use and retention of personal information by private sector entities by passing The Personal Information Protection and Identity Theft Prevention Act (PIPITPA).  British Columbia, Alberta and Quebec each have private sector privacy legislation that has been designated by Canada's Privacy Commissioner as "substantially similar" to the federal Personal Information Protection and Electronic Documents Act (PIPEDA).  PIPITPA is not yet in force and awaits pronouncement from the Privacy Commissioner as to whether it is "substantially similar".

PIPITPA contains many similarities to PIPEDA and the other provincial laws, such as requiring consent from an individual before an organization collects, uses or discloses his/her personal information and limiting collection, use or disclosure of personal information to what is reasonable.  However, there are also a number of differences.

One of the main differences between PIPITPA and the other Canadian private sector privacy laws is that it appears to create a lower threshold of requiring an organization to notify an individual if his/her personal information is stolen, lost or accessed in an unauthorized manner than the rest of Canada.  Once the law is passed, notification will be required regardless of the degree of risk of harm unless the organization is satisfied that it is not reasonably possible for the personal information to be used unlawfully, or if law enforcement is investigating and instructs the organization not to disclose.  The breach notification requirement in other provincial laws is only triggered if there is a real risk of significant harm.

PIPITPA also provides for a private right of action for privacy breaches, but does not allow for a complaint procedure to the Manitoba Ombudsman.  It also provides for summary conviction offenses of $100,000 for organizations, which are subject to a due diligence defense

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Bereskin & Parr LLP
Bereskin & Parr LLP
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More