On November 17th Navdeep Bains, the Minister of Innovation, Science and Industry, introduced Bill C-11, the Digital Charter Implementation Act, 2020. Bill C-11 seeks to modernize Canadian privacy legislation through the introduction of the new Consumer Privacy Protection Act (“CPPA”) and the creation of a new enforcement tribunal through the Personal Information and Data Protection Tribunal Act (“PIDPT”). This represents a significant overhaul of the existing Personal Information Protection and Electronic Documents Act (“PIPEDA”) that governs privacy in the private sector.
The proposed legislation introduces new record keeping and data management concerns for companies. In particular,
Beyond these sections, data management will also be impacted by the rights to data portability (the right to transfer personal information from one organization to another) and data disposal (the right to request permanent deletion of personal information), as well as the new data de-identification obligations, particularly as applied to the sharing of information in prospective business transactions.
When the Bill is passed, it will be crucial for companies to review their privacy practices and data governance plans. These changes come with teeth – the maximum penalty for violations is the higher of $25,000,000 or 5% of the organization’s gross global revenue. This is notably higher than the 4% maximum penalty imposed by the EU General Data Protection Regulation (“GDPR”), and on par with the recent draft Personal Data Protection Law in China.
Being able to identify and locate personal information, and automating this process, will be the key to ensuring compliance with these new laws. Contact MT>3 (Susan Wortzman or Gordon Lee) to discuss how to plan and update your data governance strategies and learn more about the technological tools that exist to help this process.
For more analysis on the new Bill and its changes, please see the McCarthy Tétrault TechLex blog post: Hello CPPA & PIDPT: The Federal Government Proposes Dramatic Evolution of PIPEDA.
Who's Who Legal recognized three MT>3 e-Discovery practitioners as part of the Canada 2020 national guide: Susan Wortzman, Chuck Rothman and Michael Lalande. Special congratulations to Michael Lalande for his addition to this list. WWL: Canada pinpoints the most highly regarded firms and individuals in the country.
With three e-Discovery practitioners listed, MT>3 is the most recognized Canadian e-Discovery firm for 2020.
GEDmatch is an online service to compare DNA data files from different testing companies such as My Heritage. GEDmatch was notably used by law enforcement to identify a suspect in the Golden State Killer case in California in 2018.
On July 22, 2020, GEDmatch experienced a security breach orchestrated through a sophisticated attack on one of their servers via an existing user account. As a result of this breach, all user permissions were reset, making all profiles visible to all users and making users who did not opt in for law enforcement matching available for law enforcement matching.
This is yet another way that thieves are targeting the more vulnerable “armoured car” instead of the bank to leak data.
Contact us to learn more about how to protect your organization's data from both direct and indirect data breaches.
Michael Lalande, e-Discovery Associate