Bill C-580: Proposed amendments to the Privacy Act

There are currently proposed amendments to the Privacy Act which make a number of changes. One is providing an open-ended list of what constitutes “harm” to individuals with respect to data breaches. It also provides for enhanced powers to the Privacy Commissioner of Canada to impose penalties on the government such as having the ability to order compliance with the Act within established time periods. The Bill particularly includes greater obligations to inform the Commissioner and then individuals of data breaches, bringing it more in line with other legislation. These enforcement powers would appear to be useful and give more teeth to the Commissioner’s activities. Furthermore, there is an obligation for Parliament to review the Act every 5 years. However, this is only a private member’s bill and the Member of Parliament Charmaine Borg had previously been shot down in making similar amendments to PIPEDA. Furthermore, the effect of non-compliance is not very clear, only stipulating that the order will be recorded on the Commissioner’s website. This helps transparency, but does not particularly provide sanction for non-compliance unless it is inferred. For the above reasons, I am not optimistic that the bill will have much effect, although I am curious what the rest of you think: i.e. are the proposed amendments positive and are they likely to have a great impact?

http://www.parl.gc.ca/LegisInfo/BillDetails.aspx?Language=E&Mode=1&billId=6475960