Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
This article, which reviews the Canadian Consumer Privacy Protection Act, first seeks to identify the delta between the Act and PIPEDA in order to allow privacy officers of organizations that are already PIPEDA compliant to identify the net new compliance requirements under the Act and second, to highlight the provisions of the Act which, if breached, could lead to the imposition of significant fines.
In June 2022, Bill C-27, or “An Act to enact the Consumer Privacy Protection Act (the Act) and, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts” (Bill C-27) was introduced by the Minister of Innovation, Science and Industry, and underwent First Reading, as a replacement to the federal Personal Information Protection and Electronic Documents Act (PIPEDA). (This is in fact the second effort by the federal government to enact this replacement to PIPEDA. In 2021, Bill C-11 (An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts) — the mooted replacement for PIPEDA — passed Third Reading of the legislative process, but Canada then had a federal election, and as a result Bill C-11 died prior to being enacted.) Prior to the introduction of the Act, there were concerns that it would effectively be a “’Made in Canada’ GDPR”. However, while the Act has taken the lead from the EU General Data Protection Regulation in introducing financially enormous penalties, as well as the right of data portability and the right to be forgotten, enough of the original PIPEDA remains such that the Act is now effectively a PIPEDA/GDPR hybrid.
Continue reading by getting
started with a subscription.
China Finalizes New Regulations to Relax Personal Data Exports from China
By Lindsay Zhu, Scott Warren, Haowen Xu and Charmian Aw
Nearly six months after the Cyberspace Administration of China (CAC) was first introduced for public consultation, the much-awaited final rules on Regulating and Facilitating Cross-border Data Flows were published and came into effect on March 22, 2024. The New Regulations largely repeat the Draft Regulations, but now have further relaxed personal data exports from China.
Unraveling The American Data Privacy Patchwork: Will the American Privacy Rights Act Succeed?
By Michael McLaughlin and Andria Adigwe
As the focus on protecting personal data continues to grow with the ever-widening adoption of artificial intelligence (AI) tools, exponential increases in the number and breadth of data breaches, and growing awareness of the risk posed by data brokers, the time appears right for a U.S. federal data privacy regulation to succeed in Congress. But is the new American Privacy Rights Act that regulation?
The Perfect Storm: Why Contract Hiring In Privacy Will Eclipse Direct Hiring In 2024
By Jared Coseglia
With significantly fewer fully remote positions available in 2023, active job seekers were faced with the question of whether to begin considering compromises on work-from-home flexibility or compromise in other areas like compensation, vertical mobility, quality of life, or employment modality.
Lessons for CISOs from the SolarWinds Breach and SEC Enforcement
By Daniel Garrie, David Cass and Jennifer Deutsch
In an era where digital threats loom large, the responsibilities of Chief Information Security Officers have expanded beyond traditional IT security to encompass a broader governance, risk management, and compliance role. The infamous SolarWinds Corp. attack illustrates the complex cybersecurity landscape CISOs navigate.