Canada: Regulatory Guidance For Safeguarding Personal Information

From: Mondaq

by Bradley J. Freedman | Borden Ladner Gervais LLP

On June 10, 2015, the Office of the Privacy Commissioner of Canada issued Interpretation Bulletin – Safeguards to provide non-binding guidance for compliance with statutory obligations to safeguard personal information. The guidance provided by the Interpretation Bulletin is timely in light of the June 18, 2015 enactment of the Digital Privacy Act, which includes amendments (not yet in force) to the Personal Information Protection and Electronic Documents Act that will impose notice, reporting and record keeping obligations in connection with a data security breach that creates a real risk of significant harm to an individual.

STATUTORY SAFEGUARDING OBLIGATION

Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) regulates the collection, use and disclosure of personal information in the course of commercial activities by organizations in all provinces except British Columbia, Alberta and Québec (each of which has a substantially similar provincial personal information protection law) and by organizations that operate a “federal work, undertaking or business” or transfer personal information across provincial borders for consideration. PIPEDA requires compliance with a Model Code for the Protection of Personal Information, which includes Principle 7 – “Personal information shall be protected by security safeguards appropriate to the sensitivity of the information”. The Model Code elaborates on that general principle as follows: (1) the required safeguards must protect personal information (regardless of the format in which the information is held) against loss or theft, as well as unauthorized access, disclosure, copying, use or modification; (2) the nature of the required safeguards will vary depending on the sensitivity of the information, the amount, distribution, and format of the information, and the method of storage; and (3) the safeguards should include physical measures, organizational measures and technological measures.

INTERPRETATION BULLETIN
