Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
This article, which reviews the Canadian Consumer Privacy Protection Act, first seeks to identify the delta between the Act and PIPEDA in order to allow privacy officers of organizations that are already PIPEDA compliant to identify the net new compliance requirements under the Act and second, to highlight the provisions of the Act which, if breached, could lead to the imposition of significant fines.
In June 2022, Bill C-27, or “An Act to enact the Consumer Privacy Protection Act (the Act) and, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts” (Bill C-27) was introduced by the Minister of Innovation, Science and Industry, and underwent First Reading, as a replacement to the federal Personal Information Protection and Electronic Documents Act (PIPEDA). (This is in fact the second effort by the federal government to enact this replacement to PIPEDA. In 2021, Bill C-11 (An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts) — the mooted replacement for PIPEDA — passed Third Reading of the legislative process, but Canada then had a federal election, and as a result Bill C-11 died prior to being enacted.) Prior to the introduction of the Act, there were concerns that it would effectively be a “’Made in Canada’ GDPR”. However, while the Act has taken the lead from the EU General Data Protection Regulation in introducing financially enormous penalties, as well as the right of data portability and the right to be forgotten, enough of the original PIPEDA remains such that the Act is now effectively a PIPEDA/GDPR hybrid.
*May exclude premium content
By Larry Gagnon
Developing and delivering an IRP or TTE to improve the effectiveness of your incident response approach, in isolation, does not work. If your incident response preparation activity does not include some fundamental tactical actions, when the time comes and your house is on fire, your breach response will fail to meet your expectations.
By John Beardwood and Shan Arora
Part Four In a Series
The conclusion of the series on Canada’s recently introduced Consumer Privacy Protection Act looks at hot button enforcement issues in the Act.
By Shanil R. Vitarana
Like other organizations, including law firms, in-house legal departments have not been spared from the “great resignation.” Lawyers and professionals across all industries are actively seeking new opportunities for a host of reasons including better pay, better culture and better balance. When they leave, they take with them not just their talent but the institutional knowledge they’ve accumulated, while their former team members are left to piece things together.
By Kristin L. Burnett
The promise that the crypto and digital assets markets bring comes bundled with uncertainty — especially on the regulatory front. Until jurisdictions adopt unified and consistent frameworks that account for the unique facets and features of cryptocurrencies, institutional investors and other market participants must keep abreast of ever-changing, dynamic laws to avoid sanctions and fines.