While there is plenty of news this week, I think the biggest story relates to the release of the Office of the Privacy Commissioner of Canada’s annual report. Although, if you were one of the 100,000 Canadians who had their information jeopardized as part of the Equifax breach, I guess you might think my ranking of news stories is off-kilter.
In the annual report, the OPC states that they were informed of 95 breaches between April 1, 2016, and March 31, 2017. I wonder if that number will significantly or moderately go up next year once the data breach notification regime in Personal Information Protection and Electronic Documents Act comes into force.
And speaking of changes coming to PIPEDA, the OPC pulled no punches in their annual report by using some explicit language to try to get Parliament (and the government) interested in making further changes to the law. The legislative changes being asked for include moving away from the ombuds model, obtaining order-making powers, obtaining the power to levy administrative monetary penalties and demanding — proactively — that organizations be able to prove compliance and accountability.
What’s not said in the report is that if the OPC gets its way, our privacy laws will have a better chance at being seen as "adequate" when the Europeans review our privacy landscape. Hopefully, our lawmakers are thinking from that perspective, as well.
If you want to comment on this post, you need to login.