What Marketing Professionals Think about the Value of Privacy to Customers In spite of compelling evidence that privacy-conscious marketing strategies appeal to consumers and are instrumental in building trust and greater campaign profitability, corporate marketing and privacy organizations often operate at odds with each other.

On January 1, 2004, Canada's new privacy laws came into effect, changing the way all Canadian organizations handle commercial transactions and customer information. CMA has led the industry in privacy education to ensure that organizations are compliant with the new legislation.

Federal

Legislation:

Personal Information Protection and Electronic Documents Act (PIPEDA)

Parliamentary Review of PIPEDA

PIPEDA includes provision for a mandatory review by Parliament every five years.

• On May 25, 2010, the Federal Government tabled Bill C-29, the Safeguarding Canadians’ Personal Information Act. These are long-anticipated changes to Canada’s private sector privacy law, the Personal Information Protection & Electronic Documents Act (PIPEDA).
  • Two significant changes were introduced that are of particular interest to marketers. Firstly, business e-mail addresses are to be included as business contact information that may be collected, used or disclosed without consent provided that the communications are related to the recipients employment, business or profession. Secondly, the Bill proposes breach notification and enforcement requirements which are largely consistent with the Privacy Commissioner’s national guidelines issued in 2007 after consultations with CMA and other stakeholder groups; the proposed amendments would require that organizations report any “material breach” involving personal information to the Federal Privacy Commissioner, and also notify the affected individuals in situations where the breach presents a “real risk of significant harm to the individual”.

• CMA submitted a response to Industry Canada on their response to the recommendations of the Commons Standing Committee regarding the PIPEDA review on Jan 15, 2008.

• On October 17, 2007, the Federal Government announced that it sees no need for significant change to PIPEDA. The government's response reflects of the key recommendations made by CMA.
  • CMA Member Bulletin - Federal Government recommends no major changes to privacy law - October 17, 2007

• The much-anticipated report of the Parliamentary Committee that conducted the statutory five-year review of Canada’s privacy law was tabled on May 2, 2007. The report calls for limited changes to PIPEDA at this time, making 25 recommendations, many of which aim for greater harmonization between the federal privacy law and the provinces of Quebec, Alberta and British Columbia, all of which have substantially similar private sector data protection laws.
  • CMA Member Bulletin - Privacy law report calls for breach notice provision - May 2, 2007
• The parliamentary committee that is handling the first stage of PIPEDA review is the House of Commons Standing Committee on Access to Information, Privacy and Ethics. Their work began November 20, 2006 with an appearance by Industry Canada officials to review the elements of the legislation and provide an overview of the impact since the phased introduction of PIPEDA in 2001 and 2004. CMA will be appearing December 4, 2006. CMA has been informed that the committee will be meeting to hear testimony on this issue every Monday and Wednesday until the holiday break, and potentially into the new year. As they become available, the detailed minutes of the hearings are posted here.

  CMA submission to House of Commons Standing Committee on Access to Information, Privacy and Ethics (December 4, 2006)

• In July of 2006 the Office of the Privacy Commissioner of Canada (OPC) released a discussion document which identified several issues the office has identified as warranting consideration in the upcoming review. Those interested in privacy were invited to comment on the issues and to raise any others that they think should be considered in the PIPEDA review. The OPC received 60 submissions from a wide range of associations, organizations and privacy stakeholders, as well as from individuals. Input received will help inform the OPC as it develops its submission to Parliament during the review of PIPEDA.

CMA was pleased to submit a response on September 7, 2006 that addressed many of the questions raised in OPC’s PIPEDA Review Discussion Document.

CMA Privacy Resources:

Small Business Privacy Compliance – Research Findings
CMA Privacy Compliance Guide
CMA Opt-Out Consent Guidelines
Best Practices in Data Management -- A Guide for Marketers
Other CMA Marketing Guides
Privacy Models that Work -- A Guide for Canadian Organizations
On-line self audit (privacy assessment tool)
Build it in: Privacy pivotal to effective Customer Relationship Management

Privacy in the Marketplace
Remarks for CMA Regulatory Affairs Conference
Address by Jennifer Stoddart, Privacy Commissioner of Canada
Toronto, Ontario
September 14, 2006

Member Bulletins:

• Federal Government recommends no major changes to privacy law
  October 17, 2007
• Privacy breaches – new guidelines on notifying affected consumers
  August 2, 2007
• Privacy law report calls for breach notice provision
  May 2, 2007
• CMA to Parliament: now is not the time for major changes to federal privacy law
  December 7, 2006
• RFID tags raising privacy concerns, Member Briefing
  June 27, 2006
• Privacy study attacks online retailers, Member Bulletin 214
  May 1, 2006
• Privacy commissioner attacks loyalty programs; calls for express
  consent for marketing offers, Member Bulletin #213
  April 6, 2006
• Special onus to ensure third parties fulfil privacy obligations: CMA
  Member Bulletin #210
  February 7, 2006
• New privacy resources available from CMA, Member Bulletin #200
  June 28, 2005
• Important privacy commissioner finding restricting use of bulk inserts
  Member Bulletin #195
  April 19, 2005

Links:

Federal Privacy Commissioner:

• Federal Privacy Commissioner's Guide for Canadian
  Businesses and Organizations

Industry Canada
CSA Model Code for the Protection of Personal Information

Substantially Similar Provincial Legislation

Alberta

Personal Information Protection Act (PIPA)

British Columbia

Personal Information Protection Act (PIPA)

Quebec

Act Respecting the Protection of Personal Information in the Private Sector

Provincial and Territorial Commissioner's Offices

Alberta

Office of the Information and Privacy Commissioner of Alberta

British Columbia

Office of the Information and Privacy Commissioner for British Columbia

Manitoba

Office of the Ombudsman

New Brunswick

Office of the Ombudsman

Newfoundland

Office of the Information and Privacy Commissioner for Newfoundland and Labrador

Northwest Territories

Information and Privacy Commissioner of the Northwest Territories
5018, 47th street
Yellowknife, Northwest Territories
X1A 2N2
Phone: (867) 669-0976
Fax: (867) 920-2511

Nova Scotia

Freedom of Information and Privacy Review Office

Nunavut

Information and Privacy Commissioner of Nunavut

Ontario

Information and Privacy Commissioner of Ontario

Quebec

La Commission d'accès à l'information du Québec

Saskatchewan

Information and Privacy Commissioner of Saskatchewan

Yukon

Ombudsman and Information and Privacy Commissioner of the Yukon

International Links

U.S. Federal Trade Commission
Information Commissioner (UK)
Federal Privacy Commissioner (Australia)
Federation of European Direct Marketing