Leaders in privacy, compliance & information governance solutions

Welcome. Log in or create an account for AccessPrivacy.com

Proposed Amendments to PIPEDA

May 25, 2010

The Government of Canada introduced amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA), on May 25, 2010, providing the Government response to the first (2006) statutory review of the federal privacy legislation.  A preliminary overview of Bill C-29 is set out below.  It should be noted that additional amendments to PIPEDA are contained in Bill C-28, the Fighting Internet and Wireless Spam Act, which was also introduced in the House of Commons on May 25, 2010.  An overview of the content of this Bill will be provided under separate cover.

For the most part, the Bill can be viewed as pro-business and includes many important amendments that improve clarity and certainty, and removes provisions that have proven burdensome for businesses of all sizes.  The elimination of the regulatory regime associated with Investigative Bodies together with clarification of the concept of “lawful authority” alone should provide significant administrative relief to organizations across the country. 

The Bill reflects the Government’s position set out in its July 2008 Response to the Fourth Report of the Standing Committee on Access to Information, Privacy and Ethics (ETHI Committee).  In that sense, new requirements relating to data breach notification should not be a surprise and largely reflect the Industry Canada model that had been circulated to stakeholders, also in 2008.

The one unexpected provision in the Bill is the introduction of a concept of “valid consent” that amends Principle 3 – Consent, as set out in clauses 4.3 to 4.3.8 of Schedule 1 to PIPEDA, and introduces the potential for a largely subjective interpretation of what has been “understood” by the individual in the context of notice and consent.

For additional information download our full briefing note here.

Legislation; PIPEDA; Share This