New Government Regulations

The Government of Canada passed legislation amending the Personal Information Protection and Electronic Documents Act (PIPEDA). The Digital Privacy Act is now law except for sections that require regulatory measures.

These amendments to PIPEDA will impact every organization (businesses and not-for profits) that collects or stores personal information of employees or clients.    Key changes under the Digital Privacy Act:

  • Organizations are required to inform consumers when their personal information has been lost or stolen, ensuring that consumers can act to protect themselves when they shop online. Companies that cover up a data breach, or that deliberately fail to notify affected individuals and the Privacy Commissioner, could face fines of up to $100,000.
  •  Companies need to use clear, simple language when communicating to ensure that vulnerable Canadians, particularly children, fully understand the potential consequences of providing their personal information online.
  •  Common sense changes are being made that recognize the need for businesses to use personal information to conduct normal everyday activities. Barriers are also being removed to enable the sharing of information when it is in the public interest, such as to detect financial abuse or to communicate with the parents of an injured child.
  • The Privacy Commissioner of Canada has improved powers to enforce compliance, making the Office of the Privacy Commissioner more flexible and effective in protecting the rights of Canadians in the changing digital world.

The measures related to breach notification will not come into force until regulations have been adopted, which will take several months.   For more information, please consult: