Canada Enacts the Digital Privacy Act | Practical Law
The Canadian Digital Privacy Act (DPA) has been approved, amending Canada’s federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA).
The Canadian Digital Privacy Act (DPA) has been approved, amending Canada’s federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA).
On June 18, 2015, the Canadian Digital Privacy Act (DPA), Senate Bill S-4, received Royal Assent and came into law. The DPA amends Canada's current federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA). The most significant amendment is the addition of mandatory breach notification requirements, which will not go into effect until the Canadian government issues implementing regulations. Among other things, the DPA's amendments to the PIPEDA also include:
A new graduated standard for obtaining valid consents.
Additional exceptions to consent and knowledge requirements.
A revised definition of "personal information" with a specific "business contact" exemption provision.
Enhanced powers of the Canadian Privacy Commissioner, including allowing the Commissioner, in certain circumstances, to enter into compliance agreements with organizations to ensure compliance with the DPA.
Requiring organizations to keep and maintain record of every breach.