The annual Office of the Privacy Commissioner (OPC) report on Privacy and Data Protection starts with Bill C-27. The report says the OPC is already taking steps to prepare for changes included in the bill. To better understand these changes, let’s look at what is in C-27.
The bill will enact a new Consumer Privacy Protection Act (CPPA) and a new Artificial Intelligence and Data Act, and update the existing PIPEDA to focus solely on electronic data as the Electronic Documents Act. These are necessary steps for modernizing the government’s approach to privacy and data protection. One notable update is a requirement for a Privacy Management Program, with closer alignment to Global Data Protection Regulations (GDPR) principles. C-27 will also require the assessment of an AI system’s impact based on the personal data collected, potential violations of the Canadian Human Rights Act, or harm caused to an individual, whether physical or psychological harm, damage to property or economic loss. An administrative tribunal will be established as an appeals mechanism in response to public expectations of meaningful enforcement.
The report provides real-life examples of potential vulnerabilities and the steps businesses should take to prepare and protect themselves. The leading cause of breaches involved unauthorized access (65%) by external actors; employees viewing information without authorization; inappropriate usage and misdirected communications and disclosures resulting from a failure of technical safeguards and system vulnerabilities. These are powerful reminders of impactful actions every business should take to secure personal data, such as training, monitoring, third-party agreements and collecting only necessary data. An incident response plan can quickly and effectively reduce the impact of a data breach and allow organizations to operate confidently in our online world.
Another highlight is the number of important cooperative initiatives and organizations. This confirms a common global goal to establish high standards and best practices to enforce citizens’ privacy rights. At the international and country level, these goals are advanced through effective education of businesses and the public; sharing knowledge to work more efficiently; and collaboratively finding practical solutions to manage cross-boundary challenges, risks and offenders.
For more detail, check out the blogs on our LinkedIn page.