TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Canada Dashboard Digest | Notes from the IAPP Canada Managing Director, Sept. 23, 2022 Related reading: A view from Brussels: The latest on the DSA, DMA and Privacy Shield




When the Personal Information Protection and Electronic Documents Act was first enacted, there was a recognition that it would not cover employee privacy unless those employees worked for federal works or undertakings. This is because of the constitutional division of powers and it makes sense. But it also means that there are a lot of employees out there who do not have privacy protection by way of law. One way to fix this is to have provinces pass substantially similar laws that plug the hole.

But a strange thing has happened over the years about federal works and undertakings — FWUBs, as we like to call them. There is the question of whether they have to comply only with PIPEDA or if these entities should also be complying with the provincial laws that have passed (in Alberta, British Columbia and Quebec).

Through the grapevine, I’ve heard a number of strange cases where this issue has been debated. For example, a FWUB that experienced a breach reported the matter to the Office of the Information and Privacy Commissioner of Alberta because the breach involved information about Albertans, but the regulator wrote back saying that they were a FWUB and therefore did not need to report provincially.

On the other hand, I’m also aware of a handful of cases where the regulator in Quebec is investigating FWUBs. We are awaiting the final decisions in these cases and it is at least a bit informative that the Quebec regulator did not outright reject their own jurisdiction on account that the organizations are FWUBs.

For as long as we continue to have the entire substantially similar regime, I think this issue will keep coming up. Of course, some clarity and consistency from the regulators would be welcome too (hint, hint).

And, before I let you get on to your weekend, I just wanted to shout out two little things:

First, next week is Right to Know Week. It highlights the importance of government transparency, but I think as privacy pros — in some cases wearing both privacy and freedom of information hats — we can also highlight the importance of transparency.

Second, the Sept. 30 deadline for the IAPP’s call for volunteers is fast-approaching. It’s a great way to give back to your profession and network, so please consider applying for one of the many great positions where you can make a real difference. Here’s a link to get you started.


If you want to comment on this post, you need to login.