Today, June 18, 2015, Bill S-4, the Digital Privacy Act was passed by Canada’s House of Commons vote. Bill S-4 was previously passed by Canada’s Senate.
The Digital Privacy Act includes important amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA). These include:
Mandatory Breach Notification
When the amendments come into force (on a date yet to be determined), Canada will have a new federal data breach reporting law. An organization will be required to notify the Office of the Privacy Commissioner of Canada following a breach of security safeguards involving personal information under its control when there is a real risk of significant harm to individuals from the breach. Organizations will also be required to notify affected individuals in these circumstances.
An organization will also be required to keep records of each and every breach of security safeguards involving personal information under its control and, upon request, provide the Office of the Privacy Commissioner, with access to that record.
Bill S-4 provides other provisions and amendments, including compliance agreements and fines, which Timothy Banks of Dentons LLP previously discussed [http://www.privacyanddatasecuritylaw.com/canadas-digital-privacy-rethink-fines-enforceable-compliance-agreements-and-more].
We will continue to report on Bill S-4 and compliance strategies over the coming months.