Canada Enacts the Digital Privacy Act | Practical Law

Canada Enacts the Digital Privacy Act | Practical Law

The Canadian Digital Privacy Act (DPA) has been approved, amending Canada’s federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA).

Canada Enacts the Digital Privacy Act

Practical Law Legal Update 6-616-7335 (Approx. 3 pages)

Canada Enacts the Digital Privacy Act

by Practical Law Intellectual Property & Technology
Published on 24 Jun 2015Canada (Common Law)
The Canadian Digital Privacy Act (DPA) has been approved, amending Canada’s federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA).
On June 18, 2015, the Canadian Digital Privacy Act (DPA), Senate Bill S-4, received Royal Assent and came into law. The DPA amends Canada's current federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA). The most significant amendment is the addition of mandatory breach notification requirements, which will not go into effect until the Canadian government issues implementing regulations. Among other things, the DPA's amendments to the PIPEDA also include:
  • A new graduated standard for obtaining valid consents.
  • Additional exceptions to consent and knowledge requirements.
  • A revised definition of "personal information" with a specific "business contact" exemption provision.
  • Enhanced powers of the Canadian Privacy Commissioner, including allowing the Commissioner, in certain circumstances, to enter into compliance agreements with organizations to ensure compliance with the DPA.
  • Requiring organizations to keep and maintain record of every breach.