It looks like 2020 might be the year when Canada catches up in the realm of privacy and data protection laws. Changes to these laws will likely have a ripple effect throughout the workplace.
Mandate Letters
In December 2019, PM Trudeau sent mandate letters to the Minister of Innovation, Science and Industry, the Minister of Justice and the Minister of Canadian Heritage asking them to get to work on enhancing the protection of Canadians’ personal information.
The mandate letters focused on asking the various Ministers to work towards advancing Canada’s May 2019 Digital Charter (“the Charter”). The Charter sets out ten principles intended to address and respond to the impact of the digital revolution on Canadians and the Canadian economy.
The government’s website sets out these principles and various action items in an accessible way. Here are a few highlights:
- Universal Access
- Control and Consent
- Safety and Security
- Transparency, Portability and Interoperability
- Strong Enforcement and Real Accountability
Enacting these principles will require some legal teeth, which is where the mandate letters come in.
Warnings from the Privacy Commissioner
The Office of the Privacy Commissioner of Canada warned in its 2018-2019 Annual Report to Parliament on the Privacy Act and the Personal Information Protection and Electronic Documents Act that “the world is now passing us by” when it comes to privacy protections.
Rapid change has never been a forte of governments, and it has evidently been difficult for governments the world over to keep pace with the changes the digital age has brought. We are reminded of the bizarre questions asked by some members of the US Congress during the Facebook hearings over Cambridge Analytica. Some members were still clearly in the stage of digital infancy, learning to use their email.
What to Expect
So what can we expect to come from Trudeau’s mandate letters? Much of Canada’s patchwork privacy law speaks to best practices – these could be replaced with enforceable rights and real obligations. Changes could include the right for privacy commissioners to conduct privacy inspections, issue orders and more easily enforce financial penalties.
While no definite timeline has been set for revamping Canada’s privacy legislation, doing so has been called “a top priority.” Public consultations are expected and “targeted stakeholder engagement” has begun.
Data breaches are becoming more and more common. While complying with changing privacy laws will remain essential, organizations may also want to think beyond legal compliance and be proactive when it comes to privacy and data protection.