The Privacy Advisor recently caught up with David Young, Principal at David Young Law, a privacy and regulatory counsel practice in Toronto, Canada, where he focuses on regulatory law with an emphasis on privacy, security, product marketing, and organizational compliance. Young was a member of the IAPP's Canadian advisory board and has spoken at all but one of the IAPP Canada Privacy Symposium. This year, Young will be speaking on a panel titled, "GDPR Gap Analysis From A Canadian Privacy Prospective." He's also a farmer in his spare time.

The Privacy Advisor: How have you seen the privacy landscape change in Canada? 
David Young: It's definitely changed but not just here in Canada — it's worldwide. Canada was kind of pulled in kicking and screaming with the Personal Information Protection and Electronic Documents Act, and they had to get compliant. When the law became fully effective in 2004, businesses used to do the minimum and privacy was kept to the sidelines. The difference is that today, privacy is now central to corporate compliance. Individuals are more concerned about what happens to their data and as a result, so too are businesses. The result has been that the diverse range of individuals who are working in this area is day and night from 15 years ago. It’s just an explosion of privacy practitioners, experts, advisors. Privacy is now front and center.

The Privacy Advisor: As May 25 draws closer, how would you describe the mood among fellow privacy pros?
David Young: GDPR is definitely sucking the oxygen out of everybody. It’s been an active focus for a year but companies have been worried and scrambling to get in compliance and get to level of comfort for May 25. I wouldn’t call it anxiety, rather that privacy practitioners have a very clear focus, learning as much as we can about what the rules are and becoming comfortable with them. One place where the rubber will hit the road is finding out what Canadian companies need to do to move from national privacy (PIPEDA) compliance to GDPR compliance.

The Privacy Advisor: Are you concerned about Canada maintaining adequacy under the GDPR?
David Young: No, not at all. The Innovation Science and Economic Development Canada has had an active involvement with the European Union sub-group that is responsible for assessing the adequacy status. Canada has an ongoing dialogue with the Europeans and is issuing public reports. The potential differences between PIPEDA and the GDPR are not many and ultimately, if its required there will be changes to PIPEDA, but we were expecting some changes coming down the pike anyways.

The Privacy Advisor: You’ve spoken at quite a few IAPP Symposium's, have you noticed a difference from year to year? Any expectations for this year?  
David Young: The symposium has evolved with the trajectory of privacy. It was good at the beginning and it's better now. It’s become very much the signature privacy event in Canada, and as a result you get very good attendance from our regulators and you are able to meet them in networking sessions. Issues that I think are going to get a lot of air time will be around data tracking, data use, data aggregating and political interference. I will be looking to see how these topics hit at both the keynotes and the general sessions.

The Privacy Advisor: What do you do for fun when you’re not in the office? 
David Young: I used to be a farmer in my part-time and now I’m a retired farmer. I still spend a lot of time at my farm. It’s sort of never ending but a lot of R&R, physical labor, keeping the place in shape and that sort of thing. I’m not an active farmer but spend a lot of time there and enjoy it.