Did you read my introductory remarks last week? If so, you know that I spent yesterday celebrating Data Privacy Day. I attended a special half-day KnowledgeNet in Ottawa and then attended a truly packed house at our Privacy After Hours. I hope you were able to do something fun, too. If not, then let’s get organized for next year so that you can partake in this global phenomenon.
In the news this week, there’s a lot to catch up on. I’m particularly interested in the recently announced Bell breach. I received an email from that company this week notifying me that my information was comprised. Ugh! Again? It left me wondering if the notice I received was adequate. I mean, if PIPEDA’s data breach notification regime was in place, would this type of bare bones email make the cut? From a consumer perspective, it felt pretty hollow.
This leads me back to the KnowledgeNet I attended yesterday. We had a director from ISED speak to the various files the Canadian government is active on regarding privacy. One of those files was getting the data breach regulations put into place and in force. I’m afraid I didn’t learn any special secrets, but it does appear that the regulations will be in place sometime in 2018 with a six-to-18-month coming-into-force period. I think it’s a fair characterization that the implementation period would be closer to six months as opposed to the 18-month option.
The other thing I learned from the director from ISED is that the Canadian government has been pretty active in engaging the European Commission on their decision to keep Canada an adequate country. They’ve made three different submissions in 2017 and plan to make another one in May/June of 2018. These submissions, which should be made public eventually (and I’m very anxious to read), are meant to make the case that Canada’s regime, as is, should be declared adequate by European standards. Knowing what I know from Europe, the Schrems case, and the details surrounding the approval of Privacy Shield as an adequacy vehicle, I must say that I’m extremely curious to see if the Canadian government’s position will prevail. If you work for an organization that receives data from Europe, are you not concerned? I know my clients are, and we are actively preparing for various outcomes.
Lastly, before I let you enjoy your weekend, I have to call out a special CIPP/C training session we’re holding in Ottawa Feb. 15 and 16. Yours truly will be leading the class of privacy professionals looking to prove their worth and take steps to get privacy certified. If you’re in town, maybe it’s time to make the investment for yourself.
If you want to comment on this post, you need to login.