Private Sector Privacy Laws and policies have been in turmoil for a while in Canada. With the introduction of the GDPR (General Data Protection Regulation) of the European Union, evident inconsistencies have been noted with the provincial and federal regulations associated with public and private sector privacy.
Even though Alberta, British Columbia (BC), and Quebec had already developed their own private sector privacy laws and are now moving quickly to update them to better align with the GDPR, however, where does that leave Ontario?
Federal Law Amendments
With the recent introduction of Federal Bill C-11 in November 2020, new guidelines laid out under the Consumer Privacy Protection Act focus exclusively on compliance, enforcement, and a complete overhaul of the preceding laws and standards. A few of these amendments take account of:
- A new fine framework under which organizations may be penalized up to 5% of their global revenue or $25 million (whichever is greater) for serious wrongdoings
- Privacy Commissioner gets full order-making powers
- New transparency requirements associated with automated decision-making
- Providing Canadians with the freedom to securely transfer their information from one organization to another
- Establishing the Personal Information and Data Protection Tribunal
Provincial Private Sector Privacy Law Amendments
While Bill C-11 does provide clearer guidelines associated with consumer privacy regulations, it is possible that Ontario may follow suit with Quebec, Alberta and British Columbia, by developing their own private sector privacy laws. The Province consulting on this last year! In the meantime, Quebec is on the edge to pass sweeping new privacy legislation and British Columbia and Alberta may not be far behind as they review their own legislation.
Are you interested in what Ontario’s policy may soon look like? Take a quick look at some of the existing privacy law amendments or consultations being projected by Ontario:
Ontario
- Emphasized in recent consultations, Ontario proposes augmented transparency for individuals
- Improved consent provisions that would permit individuals to cancel their permission at any time
- Permit individuals to request their personal data be erased
- Individuals have the right to obtain their data in a standard and portable digital format
- Enhance enforcement powers for the Information and Privacy Commissioner
- Spread out the scope of the law to include non-commercial organizations, such as political parties, trade unions, non-profits, and charities
How Will These Private Sector Privacy Laws Affect You?
At the consumer level, all of these regulation amendments result in peace of mind associated with private information, as well as greater control and autonomy over the use and ease of access of private information by an assortment of industries. At the end of the day, it will permit consumers to look through the privacy policies of each corporation and selectively decide where to carry out their business depending on how detailed and secure a privacy policy is written and carried out.
On the industry side, organizations must be prepared to develop and put into practice a transparent and secure privacy policy prioritizing consumer wellbeing. Organizations must even be aware of the potential for better audits, as the framework for policies shifts away from a compliance model and calls for more stringent penalties.
As privacy regulations continue to focus on more stringent data consent, management, and secure destruction, aligning yourself with a secure data disposal service will make sure your organization remains compliant with ever-changing data privacy regulations.
For more information on the ways TechReset can assist you with your secure data destruction needs with professional and certified Secure Data Erasure services, feel free to give us a call at 905 510 8969 or drop us an e-mail at mark@techreset.com today!