Digital Privacy Act Is Now Law
"The Digital Privacy Act (Bill S-4) passed into law, introducing (among other things) significant fines and mandatory breach notification (not yet in force) into the Personal Information Protection and Electronic Documents Act (PIPEDA). Organizations which handle personal information in the course of their commercial activities will want to undertake a review of their privacy policies and security safeguards. In light of the new power to levy significant monetary penalties, boards of directors may want to review their organization 's allocation of risk around these issues. There are four areas that will be of significant concern to organizations: consent, mandatory breach notification, penalties and confidentiality. The Digital Privacy Act modernizes the ""business contact"" carve-out from the definition of personal information."