Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
This article, which reviews the Canadian Consumer Privacy Protection Act, first seeks to identify the delta between the Act and PIPEDA in order to allow privacy officers of organizations that are already PIPEDA compliant to identify the net new compliance requirements under the Act and second, to highlight the provisions of the Act which, if breached, could lead to the imposition of significant fines.
In June 2022, Bill C-27, or “An Act to enact the Consumer Privacy Protection Act (the Act) and, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts” (Bill C-27) was introduced by the Minister of Innovation, Science and Industry, and underwent First Reading, as a replacement to the federal Personal Information Protection and Electronic Documents Act (PIPEDA). (This is in fact the second effort by the federal government to enact this replacement to PIPEDA. In 2021, Bill C-11 (An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts) — the mooted replacement for PIPEDA — passed Third Reading of the legislative process, but Canada then had a federal election, and as a result Bill C-11 died prior to being enacted.) Prior to the introduction of the Act, there were concerns that it would effectively be a “’Made in Canada’ GDPR”. However, while the Act has taken the lead from the EU General Data Protection Regulation in introducing financially enormous penalties, as well as the right of data portability and the right to be forgotten, enough of the original PIPEDA remains such that the Act is now effectively a PIPEDA/GDPR hybrid.
Continue reading by getting
started with a subscription.
Privacy Risk Management & Data Minimization
By Therese Craparo and Sarah Bruno
Many organizations — from growing start-ups to mature, well-established companies — are struggling with the new reality of what it means to manage data in an era of digital transformation, exponential data growth, and expanding regulatory regimes focusing on data management and minimization.
Digital Dibs: Rival Views of Generative AI Copyrights
By Greg Moreman
GAI platforms like ChatGPT and OpenAI often require very little human input, shattering this legal landscape’s framework by posing a simple question: Who authored the material? We’ll explore how two countries are answering this question in different ways.
Empowering Legal Professionals: Navigating AI Solutions for Efficiency and Data Security
By Michael T. Murray and Tony Donofrio
Integrating AI tools into legal practice without compromising the security of sensitive client information is a paramount concern. In this article, we’ll examine how AI is revolutionizing certain aspects of legal work, while offering best practices for employing these technologies and providing guidance for legal professionals in selecting the right AI products and service providers.
Pitfalls In Personal Device Data Collection
By Marjorie Peerce and Marguerite O’Brien
The increasing frequency of “bring your own device” policies creates serious implications for subpoena recipients and litigants to ensure compliance with discovery demands. And courts across the country consider such personal mobile data fair game. To avoid pitfalls —and sanctions — counsel must take proactive steps to ensure proper preservation and collection of personal mobile data and verify that clients comply.