Harper Government Introduces New Law to Protect the Personal Information of Canadians Online

OTTAWA, ONTARIO--(Marketwired - April 8, 2014) - Industry Canada

The Digital Privacy Act, introduced today in Parliament, will provide new protections for Canadians when they surf the web and shop online. These changes to protect Canadians' personal information are key elements of Digital Canada 150, a plan for Canada's digital future.

The Digital Privacy Act will require organizations to inform consumers when their personal information has been lost or stolen-also referred to as a "data breach"-ensuring Canadians can act to protect themselves when they shop online. Companies that fail to do so, or that destroy these records, will face fines of up to $100,000.

The new measures also establish stronger rules to ensure that vulnerable Canadians, particularly children, fully understand the potential consequences when companies ask to collect and use their personal information. Companies will need to communicate these requests in clear and simple language for the target audience.

Changes will also be made to the way personal information is shared from one business to another. This includes vital information for financial institutions to detect financial abuse and attempts to defraud seniors or to communicate with the parents of an injured child.

The Privacy Commissioner of Canada will also have improved powers, making the Commissioner more flexible and effective in protecting the rights of Canadians in the changing digital world.

Quick facts

• Protecting Canadians is one of five key principles under Digital Canada 150, a plan for Canada to take full advantage of the economic opportunities of the digital age.
• Digital Canada 150 will ensure that Canadians can trust that their online transactions are secure, that we lead in protecting the online privacy of our citizens, and that families are safeguarded against cyberbullying and other online threats.
• The Digital Privacy Act sets the rules for how private sector businesses collect, use and disclose personal information including name, age, employment records, medical files, income and more. This type of information is required by many companies and organizations to conduct their regular business.

Quotes

"Canadians need to have confidence that their online transactions are secure, their privacy is protected and their families are safe from online threats. The Digital Privacy Act is an important next step to protect the personal information of Canadians online. These changes will inform Canadians when their personal information has been lost, stolen or put at risk, and they will ensure companies that break these rules are punished."

- James Moore, Minister of Industry

"Elder abuse is an appalling crime and our government is committed to protecting seniors from all forms of abuse. This legislation takes action by strengthening Canada's private sector privacy laws and provides added protections for seniors, especially against financial abuse. This continues our government's hard work to ensure that those who are vulnerable in society are not taken advantage of."

- Alice Wong, Minister of State (Seniors)

Associated links

- Digital Privacy Act at Parliament of Canada LEGISinfo

- Backgrounder: Canada's Digital Privacy Act

- Digital Canada 150

- Personal Information Protection and Electronic Documents Act

Follow us on Twitter: @industrycanada

Backgrounder

Canada's Digital Privacy Act

In a digital world, Canadians need to have confidence that their online transactions are secure, their privacy is protected and their families are safe from online threats.

Canada's Digital Privacy Act provides important improvements to Canada's private sector privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA).

The Digital Privacy Act will ensure that Canadians are safer and more secure when they surf the web or shop online. The proposed amendments will:

• better protect consumers;
• simplify rules for businesses; and
• increase compliance with PIPEDA.

PROTECTING CONSUMERS

The Digital Privacy Act will require organizations to tell individuals if their personal information has been lost or stolen and if there is a risk that they could be harmed as a result-for example that their identity could be stolen. Organizations will also have to tell individuals what steps they can take to protect themselves. In addition, organizations will be required to report these potentially harmful data breaches to the Privacy Commissioner of Canada. These changes will empower consumers and encourage businesses to have better information security. Companies that deliberately fail to report a data breach or notify individuals could face fines of up to $100,000 for every individual not told.

With the new amendments, organizations will be required to keep records of all data breaches and provide this information to the Privacy Commissioner upon request. This will allow the Privacy Commissioner to fulfill the required oversight role and make sure that companies are reporting potentially harmful breaches. Companies that deliberately cover up a data breach by not keeping these records, or destroying them, could face fines of up to $100,000 per offence.

New requirements for obtaining an individual's approval to collect, use or share his/her personal information are also being proposed to establish stronger privacy protection for more vulnerable Canadians, such as children. Changes will require organizations to communicate clearly with their target audience when obtaining consent and to consider whether their target audience is able to understand the consequences of sharing their personal information.

The Act also sets limited exceptions to allow personal information to be shared in situations where it is needed to help protect individuals from harm, such as to protect seniors from financial abuse, communicate with the family of an injured or deceased individual, or detect and prevent fraud.

STREAMLINING RULES FOR BUSINESSES

The Digital Privacy Act will also reduce unnecessary red tape by making sure that companies are able to use personal information to support their normal day-to-day business activities without undermining individual privacy. The Act will make it easier for businesses to collect, use and share information in order to manage employees, conduct due diligence when buying another company or process insurance claims.

INCREASING COMPLIANCE

Ensuring that the Privacy Commissioner has effective tools to protect Canadians' privacy is an important part of the Digital Privacy Act. These changes will give the Commissioner the ability to negotiate voluntary compliance agreements with organizations. These agreements enable organizations to make a binding commitment to take action to ensure compliance with the Act and avoid costly legal action. At the same time, they will allow the Commissioner to hold organizations accountable when they fail to protect their customers.

The Digital Privacy Act will also give complainants, including the Commissioner, up to a year after an investigation has been completed to ask the Federal Court of Canada to order an organization to comply with the law or to award damages to an individual who has been harmed as the result of a privacy violation. This allows enough time for an organization to voluntarily take corrective action or negotiate a compliance agreement, while maintaining the ability to take the matter to court.

Finally, the Digital Privacy Act will provide more flexibility to publicly release information about non-compliant organizations, if the Commissioner considers it to be in the public interest to do so, so that Canadians can be aware and take action to protect themselves.