The OPC is revisiting its policy position on transborder data flows under the Personal Information Protection and Electronic Documents Act (PIPEDA). This includes not only cross border data transfers between controllers and processors, but also other cross border disclosures of personal information between organizations.

The Office of the Privacy Commissioner will begin to apply these guidelines on January 1, 2019. The release of these guidelines is part of the Office’s work to improve the current consent model under the Personal Information Protection and Electronic Documents Act (PIPEDA)

"This change has been a long time coming. The House of Commons Standing Committee on Access to Information, Privacy and Ethics recommended that PIPEDA be amended to include a breach notification requirement following a review of the legislation that began in 2006"

Ontario’s former privacy commissioner, Ann Cavoukian, said she was shocked by the initiative and said the ability for a government agency to build a massive database of personal banking information raises serious privacy concerns.

New security breach reporting guidelines are set to come into force on November 1st, 2018, compelling organizations to report any security or data breaches that pose significant harm to affected individuals.

Canada’s privacy watchdog has asked the Federal Court to rule on Mountain View search giant Google’s indexing practices as they pertain to the Personal Information Protection and Electronic Documents Act (PIPEDA).

Collected data increases in sensitivity over time when details are combined and related to generate an accurate and complete picture or profile for individual clients.

The experts I spoke with also saw concepts in the GDPR that were naturally complimentary to PIPEDA. Concepts like “accountability” and “privacy by design” could, and perhaps, should be given prominence in legislative amendments to PIPEDA.

It is the responsibility of each business to be compliant with PIPEDA. It is crucial to conduct compliance assessments at each change in protocol, processes, or policies, and to fully understand all that is required of businesses in regard to PIPEDA.

Achieving compliance with GDPR, PIPEDA, or PCI is like reaching a destination, but of the three, only PCI includes a roadmap that leads directly to formal compliance through a linear, finite, and predictable process.