In these times of uncertainty regarding privacy must-dos (read GDPR and Privacy Shield), Canada offers us another set of rules to prepare for in the Digital Privacy Act. Passed in June 2015, much of the Digital Privacy Act is already defined and in place. One main component though, the breach notification rule, is under consultation and still somewhat of an unknown. Despite some level of uncertainty, it is still possible to prepare for compliance.
The April TRUSTe Client Advisory Note was prepared by Margaret Alston CIPP/G/C/M from the TRUSTe Privacy Consulting Group and reviews the key changes in the Act which include:
- Definition of “valid consent.”
- Compliance Agreements as an enforcement option for Commissioners
- Broadening of allowable public disclosures by the Commissioner
- Scope of PIPEDA – including but not limited to the exclusion of business contact information
- Exceptions to consent requirements, such as for fraud prevention purposes
- Extension of time limits for court applications from 45 days to 1 year
- Breach notification, reporting, and record keeping (not yet in effect)
The Advisory then covers in more detail how companies can prepare now for the new data breach notification changes.
If you would like to review this latest Client Advisory Note then look out for your copy on e-mail today or contact TRUSTe on 1-888-878-7830.