Canada's new privacy bill lacks teeth


A new bill known as the Safeguarding Canadians’ Personal Information Act, currently passing through Parliamentary approvals, is set to extend Canada’s existing privacy legislation.  The bill will force organizations to both report any data breach to the Privacy Commissioner and to notify individuals affected by the breach, “if the organization believes that the breach creates a real risk of significant harm to the individual.”

Michael Collins

But while the sentiment behind this bill – increased transparency when data breaches occur – is sound, the bill lacks teeth. 

Individuals will only be notified if the organization believes there is a need – the risk is that businesses simply won’t want to come clean and face losing not just one angry customer, but potentially hundreds should the news spread through social and traditional media channels.

 In addition, the threat of financial penalties is notably absent from the bill, so where is the business incentive to comply?

This bill’s focus on additional transparency around data security should be welcomed by businesses and consumers alike.  But while increased safeguards around data protection make sense for all concerned, there must be an element of enforcement if organizations are to improve the way they handle and store customer data.

With 2010 marking the tenth anniversary since the introduction of PIPEDA (the act states that businesses must destroy, erase or make anonymous personal data that is no longer needed), businesses are still failing to comply and it is inevitably only a matter of time before international leaders including Canada’s Privacy Commissioner Ms. Jennifer Stoddart crack down on businesses that continue to disregard the law. 

According to Shred-it client research, only 50 per cent of Canadian companies use document destruction services as a direct result of government regulation, and only 68 per cent of organizations have official guidelines for document destruction.   Plus according to a recent poll conducted by EKOS for the Office of the Privacy Commissioner of Canada, 42 per cent of businesses surveyed are not concerned about security breaches.

While doubts remain on whether the government will be able to enforce its new privacy measures, business should prepare themselves to answer the following questions:   

What is the state of my organization’s data security program? Are we meeting current government regulations? Are we prepared to meet new measures being prepared by the government?

 For some tips on keeping data safe read:  G20 Summit: Business data security in the ‘Zone’

 For more on privacy issues read: 

Why Privacy is Good for Business

 Facebook falls short of privacy obligations to Canada, says law group

Michael Collins is the vice president for sales at Shred-it Canada. If you are interested in a full Data Security Audit from Shred-it, please call 905-465-4288.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Blogger Spotlight

Latest Blogs

ITB in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.