Big Changes Are Coming for Privacy Legislation in Canada
Privacy policies have been in turmoil for a while in Canada. With the introduction of the European Union’s General Data Protection Regulation (GDPR), obvious discrepancies have been noted with the federal and provincial regulations related to private and public sector privacy.
Quebec, British Columbia (BC), and Alberta had already developed their own private sector privacy laws and are now moving quickly to update them to better align with the GDPR. But where does that leave Ontario?
Federal Law Changes
With the recent introduction of Federal Bill C-11 in November 2020, new guidelines laid out under the Consumer Privacy Protection Act focus specifically on compliance, enforcement, and a complete overhaul of the previous laws and standards. Some of these changes include:
- Establishing the Personal Information and Data Protection Tribunal
- Providing Canadians with the freedom to securely transfer their information from one organization to another
- New transparency requirements related to automated decision-making
- Privacy Commissioner receives full order-making powers
- A new penalty framework under which organizations may be fined up to 5% of their global revenue or $25 million (whichever is greater) for serious offences
Provincial Law Changes
While Bill C-11 does provide clearer guidelines related to consumer privacy regulations, it is possible that Ontario may follow suit with BC, Alberta and Quebec, by developing their own private sector privacy laws. The Province consulting on this last year. In the meantime, Quebec is poised to pass sweeping new privacy legislation and Alberta and BC may not be far behind as they review their own legislation.
Interested in what each province’s policy may soon look like? Take a look at some of the current privacy law amendments or consultations being proposed by each province:
How Will This Affect You?
At the consumer level, all of these regulation changes lead to peace of mind related to private information, as well as greater control and autonomy over the use and accessibility of private information by a variety of industries. Ultimately, it will allow consumers to look through each corporation’s privacy policies and selectively choose where to conduct their business based on how thorough and secure a privacy policy is written and conducted.
On the industry side, organizations must be prepared to develop and implement a secure and transparent privacy policy prioritizing consumer wellbeing. Organizations must also be aware of the potential for increased audits, as the framework for policies shifts away from a compliance model and calls for stricter fines.
As privacy regulations continue to focus on stricter data consent, management, and secure destruction, aligning yourself with a secure data disposal service will ensure your organization remains compliant with ever-changing data privacy regulations.
For more information on how Greentec can assist you with your secure data destruction needs, please reach out on our website or call 1-888-858-1515 to speak to our sales team.
CASE STUDY
How the University of Waterloo & Greentec are leading the way in asset disposal
UW partnered with Greentec, whose tailored solutions ensured secure data destruction, environmental responsibility, and regulatory compliance, to collaboratively transform its IT asset disposal process.