Why Rush the Privacy Bill

Recognising that resources are not limitless isn’t exactly rocket science. So what would be the sense in passing a law that would increase the burden on businesses, governments and people during the already labour-intensive year 2000 period? Little, you might say, but the federal government has embarked on a process to do just that.

The federal government, in Part 1 of Bill C-54 (the Personal Information Protection and Electronic Documents Act), seeks to dramatically modernize Canada’s privacy protection laws. Bill C-54 is designed to build consumer confidence by creating clear and predictable rules for the way personal information is collected and used for commercial purposes. On this level its aim is laudable and may even have the effect of encouraging electronic commerce. The potential reach of the Bill, however, is extraordinary. As drafted, it would eventually affect every business in Canada, since every business has some personal information about customers, employees or others, or some need to collect the same. For example, it would appear to contravene the Bill to compile a list of accountants, lawyers, engineers, architects, etc. from publicly available sources for the purposes of marketing to them, unless their consent has first been obtained. Imagine the impact this would have on marketing departments – and on CIOs.

The Bill contains no provision for ‘grandfathering’ personal information already gathered at the time the Bill comes into force. Unless there are substantial changes to the current draft, significant doubts will be raised about the usability of corporate assets composed of market data. This Bill will pose significant challenges for risk allocation in mergers and acquisition transactions. Even where consents were obtained, new consents may need to be obtained to permit unrestricted use after a business combination.

BIG HIT ON SYSTEMS

The systems required to comply with Bill C-54 on a going forward basis will be costly and may require expenditures in the millions of dollars for complex consumer-oriented businesses.

The Bill has received second reading in the House and is now before the Standing Committee on Industry. The Government has announced that it does not intend to proclaim the Bill until the middle of the Year 2000. This means that the development work to implement the system changes will have to be started immediately after it is passed, and completed in the first half of 2000.

While the government has not conceded this as a motive, the official timing of the Bill’s introduction is probably more than a coincidence. It seems to correspond to the effective date of the European Union Directive that requires EU countries to pass legislation prohibiting the transfer of personal information to countries that do not have an adequate level of privacy protection. Given that the EU Directive would apply equally to transfers of information to Canada or the US, it is questionable whether the EU Directive has, at least at present, any significance to Canadian businesses. Query whether further Canadian regulation could put Canadian businesses to a disadvantage in competition with US counterparts.

The merits of a privacy bill can no doubt be debated. There can, however, be little doubt that moving forward this year could spell disaster. Aside from the scarcity of resources caused by the Y2K compliance effort, other factors suggest that waiting is advisable. First, only Portugal, Sweden, the U.K. and Italy have implemented the EU Directive, and Germany and France have not even begun the implementation process. Second, when one considers that the US accounts for about 80 percent of world-wide Internet commerce revenues, the fact that the US government is not moving to introduce privacy legislation that is anywhere near as comprehensive as Bill C-54 suggests that the protection offered by the Bill may be illusory.

Regardless of the Bill’s merit, its timing is questionable. While businesses have no choice but to address Y2K issues this year, the same urgency does not apply to privacy protection. One can only hope that in an environment already strained by Y2K, implementing Bill C-54 is not the proverbial straw that breaks corporate Canada’s back.

Gabe Takach is a partner at the Toronto law firm of Tory Tory DesLauriers & Binnington where he heads up the firm’s technology contracting practice. He can be reached at [email protected]

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now