Quebec introduces most consumer-friendly privacy law in Canada

Quebec introduced sweeping changes to its privacy regime, making it the most consumer-friendly privacy law in Canada by giving individuals much greater control over their privacy while compelling private and public sector organizations to implement onerous prescriptive obligations that will be challenging to fulfil within two years, according to privacy experts.

The major overhaul, heavily influenced by the 2018 European Union’s General Data Protection Regulation (GDPR), introduces new privacy rights such as data portability rights and the right to be forgotten, new accountability and governance requisites, and new rules for the outsourcing and transfer of information outside Quebec. It also institutes new mandatory breach notification requirements, mandatory privacy impact assessments, clarifies consent requirements for collection, use or release of personal information, and significantly raises potential fines for violations.

Continue reading “Quebec introduces most consumer-friendly privacy law in Canada”

Privacy commissioner launches consultation on artificial intelligence

The chief executive of Alphabet and Google made it plain. Artificial intelligence needs to be regulated. It is too important not to, wrote Sundar Pichai in a Financial Times opinion piece.

“The only question is how to approach it,” said Pichai succinctly.

That’s what the Office of the Privacy Commissioner of Canada (OPC) is grappling with as well.

Continue reading “Privacy commissioner launches consultation on artificial intelligence”

Most U.S. & EU companies still not prepared for new privacy law

The majority of European and American firms are not yet ready to comply with the European Union’s General Data Protection Regulation (GDPR), reveals a recent report.

Many organizations fail to give the GDPR the attention it deserves, according to Seizing the GDPR Advantage: From Mandate to High-Value Opportunity,” a report by France-based legal tech consultant Capgemini that surveyed 1,000 executives and 6,000 consumers.

The report notes that nearly one in five organizations fail to make the GDPR a top priority, 31 per cent feel that the sole purpose of their program is to comply with the mandate by the deadline, and only 28 per cent see the GDPR as an opportunity to gain consumer trust and competitive advantage, in addition to being a compliance mandate. Moreover, it reveals that 51 per cent of organizations are either lagging or feel they will be only partially compliant by the deadline.

The report underscores that there is a “significant perception gap” between organizations and consumers around consumer data privacy and security performance. A staggering 80 per cent of executives believe that consumers trust their organization with the privacy and security of personal data. Consumers have a different take: only 52% of consumers agree with executives.

“This overconfidence can blind organizations to the improvements they need to make in data practices and prevent sufficient investment,” said the report. “Such organizations will eventually lose out as consumers increasingly demand a best in-class data protection experience.”

The global tech consultant leader strongly argues that GDPR is in fact a new opportunity waiting to be tapped but only for “organizations that get it right.” Besides enhancing employee loyalty, it maintains that consumers are “more willing to engage with organizations that protect data.”

When consumers are convinced that an organization is protecting their personal data in line with the GDPR mandate, nearly half would share their positive experiences with friends and family. Just as importantly, more than one in three consumers (39 per cent) will spend more with an organization when convinced that the organization protects their personal data.

More ominously, over 70 per cent of consumers said they are prepared to decrease spend and stop doing business with organizations in breach of GDPR compliance. In addition, 64 per cent of consumers said they are likely to request non-EU companies to delete their data if they find organizations non-compliant once the GDPR comes into effect.

Ashley Madison agrees to US$1.7 million settlement

A month after the parent company of the controversial adult dating website Ashley Madison settled a complaint with the U.S. Federal Trade Commission and state charges over the 2015 data breach that exposed the personal data of more than 36 million users and highlighted the site’s unfair and deceptive practices, the firm is now trying to thwart 20 class actions against it by invoking online arbitration agreements the plaintiffs signed when they subscribed to its matchmaking services.

Continue reading “Ashley Madison agrees to US$1.7 million settlement”

Quebec chips away at government transparency

Quebec, once a pioneer that lead the movement towards greater government transparency, is now among the least transparent provinces in Canada after successive provincial governments introduced more than 150 legislative exemptions that undermined the province’s access to information legislation, according to a recently published comprehensive report by Quebec’s Commission d’accès à l’information.

With Quebec ranking 10th out of 14 jurisdictions in Canada, and 57th in the world, behind Honduras and Romania, the Quebec government should overhaul the provincial access to information legislation to compel all public bodies, even those partially financed by the provincial government, to be subjected to the access to information law, noted the 214-page, five-year report that issued 67 recommendations. The Commission, which also oversees provincial privacy legislation, also called on the Quebec government to beef up privacy protection measures.

“The access to information law has not been the subject of a thorough reform in 35 years, and the privacy legislation in 22 years,” remarked Diane Poitras, the Commission’s vice-president. “It’s time to re-establish the balance between the rights of citizens — who are calling for greater transparency and stronger privacy protection measures — and the needs of business and government organizations to collect and use” — and in some cases safeguard — information.

Continue reading “Quebec chips away at government transparency”

Federal privacy watchdog examines consent model

Federal privacy watchdog examines consent model

The consent model, the cornerstone behind the federal legislation that governs how private sector organizations may collect, use or disclose personal information in the course of commercial activities, is under the microscope after the Office of the Privacy Commissioner of Canada (OPC) published a consultation paper that examines its viability in today’s digital information ecosystem.

Continue reading “Federal privacy watchdog examines consent model”

Health & life insurance industry intend to ignore privacy commissioner’s recommendations over genetic testing

A call by Canada’s privacy watchdog to the life and health insurance industry to voluntarily refrain from requesting clients for access to existing genetic test results is going to be ignored, setting the stage for a divisive debate over access and the use of such personal information.

Continue reading “Health & life insurance industry intend to ignore privacy commissioner’s recommendations over genetic testing”

Workplace privacy: “People don’t understand”

Workplace privacy, an issue few seriously thought about even a decade ago, has become a conundrum for employers. The ubiquitous presence of mobile technology, the explosive evolution of social media coupled with shifting and seemingly contradictory attitudes towards privacy as well as an evolving legal landscape have left in-house counsel in a quandary. Even outside of work, questions linger around the scope of employee privacy and the extent to which employers can keep tabs on employees.

Continue reading “Workplace privacy: “People don’t understand””

Canada’s privacy commissioner calls into question ombudsman model

On the eve of a statutory five-year review of the legislation governing federally-regulated private-sector organizations, the Privacy Commissioner of Canada is openly calling into question the effectiveness of the ombudsman model to regulate private-sector practices for the protection of personal information in light of the recent spate of high-profile data breaches that have compromised the personal information of Canadians.

Continue reading “Canada’s privacy commissioner calls into question ombudsman model”