Happy New Year! Jan. 1 marks the day that the federal privacy commissioner has said will be the start of the enforcement of his meaningful consent guidelines. If you are responsible for privacy in your organization, hope you made it your resolution for 2019. And you’d better be double-checking to make sure that when you’re obtaining consent to process personal information, that you’re doing it in accordance with the guidelines. There’s an article below that goes into a bit more detail to the actual guidelines.

I know from helping my clients try to operationalize these guidelines that probably the most controversial aspect is the part that says you must identify and state the risk of harm and other consequences associated with the processing of personal information. I think it’s a good thing to say, academically, but actually identifying the risk of harm and other consequences is not easily done. I, for one, am interested to see how the Office of the Privacy Commissioner is going to enforce this particular aspect.

A less controversial position in the guidelines is the line-in-the-sand position taken for obtaining consent from children. The OPC in this instance is clear that those under the age of 13 cannot provide meaningful consent. The U.S. has had this threshold for years, so it should not come as a big shock. If your organization interacts with this demographic, you must have a way to reach the substitute decision-maker for the child. Equally helpful is the notion that for minors 13 and above, organizations must still prove that the methods used to obtain consent work for those of that age group.

Time will tell whether the enforcement of these guidelines results in meaningful progress for the privacy rights of Canadians. Let’s watch how it unfolds closely. I’d love to hear from any of you who have worked to update your policies to ensure compliance. How did it go?