This morning, in her final address as Privacy Commissioner, Jennifer Stoddart advocated for amendments to thePersonal Information Protection and Electronic Documents Act (PIPEDA) at the International Association of Privacy Professionals’ (IAPP) Symposium.
Noting that the Privacy Commissioner’s current power is primarily the ability to bring about “public shame” for offending companies, a series of changes are recommended to ensure the Act “can evolve into a more modern personal information protection law that mirrors improvements and strengths of other data protection laws in Canada and internationally, thereby ensuring that Canadians’ personal information is protected in the digital economy.” (http://www.priv.gc.ca/parl/2013/pipeda_r_201305_e.pdf)
Proposed amendments include the following:
• Stronger enforcement powers: allow for statutory damages to be administered by the Federal Court, give the Commissioner the power to make orders or to impose administrative monetary penalties; or a combination of the above;
• Mandatory reporting: require organizations to report breaches of personal information to the Commissioner and to notify affected individuals to ensure that mitigating measures can be taken in a timely fashion;
• Increased transparency: require organizations to publicly report on the number of disclosures they make to law enforcement under paragraph 7(3)(c.1), without knowledge or consent, and without judicial warrant, in order to track the frequency and use of this extraordinary exception; and,
• Increased accountability: modify the accountability principle in Schedule 1 to include a requirement for organizations to demonstrate accountability upon request, to incorporate the concept of “enforceable agreements”; and to make certain accountability provisions subject to review by the Federal Court. (http://www.priv.gc.ca/parl/2013/pipeda_r_201305_e.pdf)
Commissioner Stoddart closed with her belief that these amendments should be welcomed by privacy professionals. We agree.