International Top 30 position: 4

Canada’s digital privacy rethink: fines, enforceable compliance agreements and more

By Tim Banks

On 8 April 2014, Canada’s government introduced Bill S-4, the Digital Privacy Act, in the Senate. Bill S-4 is the federal government’s latest attempt to reform the federal Personal Information Protection and Electronic Documents Act (PIPEDA). It would be a mistake to say that it is largely recycled from the government’s last attempt to reform PIPEDA in 2011 through Bill C-12, which died on the order paper. Here’s what’s different, what’s been dropped and what seems to be largely the same. Caveat: this is a first read.

What’s different?
Fines for failure to record and report breaches:
First the big news: the government is proposing that it would be a criminal offence for an organisation to knowingly fail to keep prescribed records for breaches or to knowingly fail to report breaches in compliance with PIPEDA. These offences would be punishable by fines of CAD100,000 (£54,600) (indictable offence) and CAD10,000 (summary conviction). To facilitate this provision, the commissioner may disclose breach records and reports to law enforcement or the Public Prosecution Service of Canada for investigation and prosecution.

Records of breaches: Organisations must keep and maintain records of any breaches of security safeguards and provide those records to the commissioner on request…

Click on the link below to read the rest of the Dentons briefing. 

Briefings from Dentons

View more briefings from Dentons

Analysis from The Lawyer

View more analysis from The Lawyer


1 Fleet Place

Turnover (€m): 209.5
Lawyers: 760
Partners: 183
Jurisdiction: Europe