Privacy Commissioner recommends updates to 33-year-old Privacy Act

Canada’s Privacy Commissioner is calling for a reform of the Privacy Act that would require public institutions to report data breaches and to make the collection of personal information possible only when it’s explicitly necessary, according to the office.

Canada’s Privacy Act regulates how the federal government and its institutions handle the personal information of Canadians. It was introduced July 1, 1983 – a year that the Commodore 64 and the Apple II were top-selling computers – and hasn’t received a substantial update since then. Last year, Parliament passed the Digital Privacy Act, which amended the Personal Information Protection and Electronic Documents Act (PIPEDA), the law that regulates how the private sector handles personal information. Now Daniel Therrien, the Privacy Commissioner of Canada, is turning his attention to the public sector.

“Technological change has allowed government information sharing to increase exponentially. Existing legal rules are not sufficient to regulate this kind of massive data sharing,” reads Therrien’s opening statement given to the Standing Committee on Access to Information, Privacy, and Ethics on Reform of the Privacy Act on Thursday. “We recommend creating an explicit requirement for institutions to safeguard personal information under their control as well as a legal requirement to report breaches to my Office.”

Such an update would mean that the federal government would have the same requirements to report data breaches as private companies as legislated by the Digital Privacy Act. Passed into law, the act contains a clause requiring notification of affected individuals and the Privacy Commissioner when a breach occurs. But those laws won’t be enforced until regulations are issued around them.

Therrien also wants to put in place an “explicit necessity requirement” for the collection of personal information by the government in order to prevent “excessive collection” of personal data. Again, this provision is similar to the Digital Privacy Act update that requires organizations to prove consent of a person to collect their data.

Therrien is also looking to upgrade the powers of his office. While he’s not seeking order making power, which is the model for Ontario’s Privacy and Information Commissioner and allows for issuing of punitive financial measures, he is looking to expand the scope of court intervention his office is allowed. Currently, the Privacy Commissioner can only pursue a matter in the Federal Court when it’s a case of denial of access to personal information. That could be extended to include cases involving collection, use and disclosure of personal data.

The new model would be similar to the one recently put in place in Newfoundland and Labrador, Therrien said. There, if a public body in the order receives recommendations from the Commissioner, they are obligated to enact them, or seek a court exemption from doing so.

Therrien is also recommending that the office be allowed to report on matters of privacy to Canadians proactively instead of doing so just once or twice a year and that the Privacy Act should be applied to the officers of Ministers, including the Prime Minister of Canada.

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Brian Jackson
Brian Jacksonhttp://www.itbusiness.ca/
Former editorial director of IT World Canada. Current research director at Info-Tech

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now