On January 1, 2004, the Personal Information Protection and Electronic Documents Act (PIPEDA) came into force across Canada governing all commercial transactions in the country except intra-provincial commercial activities of organizations in a province where the province has enacted substantially similar legislation to the Federal Act. To date, three provinces have substantially similar legislation in place: British Columbia, Alberta and Quebec.
On June 18, 2015, the Digital Privacy Act became law, amending PIPEDA to include a business transaction exemption, mandatory breach notification requirements, enhanced powers for the Privacy Commissioner, and various other updates.
The Breach of Security Safeguards Regulations (“Regulations”) that were released in 2017 for comment; the Regulations will be finalized in the near future, and the amendments and Regulations are expected to come into force later this year.
Canadians want user-friendly information about privacy policiesIn a study commissioned and guided by the Canadian Marketing Association (CMA)’s Privacy and Data Advisory Committee, it was found that consumers want to read privacy policies, but they have to be user-friendly. The survey, undertaken to provide insights on privacy-related consumer views and released to mark International Data Privacy Day, sought to identify some of the reasons why Canadians do not read privacy policies. It identified that while most Canadians say they read parts of privacy policies, one quarter admit they don’t read policies at all, mainly because they find privacy policies are too long and difficult to understand.
- Presentation: Why smaller organizations need to understand privacy laws & best practices too
- Member Guide: Privacy Compliance
- Government Submission: CMA responds to OPC’s ‘Consent and Privacy’ Discussion Paper
- Blog: The Trump effect on Canadian marketing
- Member Bulletin: Marketing impacted by Changes to Federal Privacy Law