This week, the Canadian government proposed new legislation in Bill C-11, or the Digital Charter Implementation (the ACT), which includes some hefty fines for companies for violations – up to 5 percent of their revenue or C$25 million, whichever is higher. The Act would increase protections for Canadians’ personal information by giving citizens more control and greater transparency from companies handling their information. The Act addresses consent, data portability, consumer control over their “online identity” and disposal of personal information, as well as de-identification rules. A Fact Sheet about this proposed law outlines the effect on Canadian citizens and their privacy rights.

This Act would update the existing federal Canadian privacy law (i.e., the Personal Information Protection and Electronic Documents Act, or PIPEDA) by requiring a privacy management program that is submitted to the Office of the Privacy Commissioner upon request.

This revamp from the Canadian government possibly stems from the challenge to international data flows in the recent Schrems II decision in the European Union and as the U.S. considers its own federal privacy legislation once again.

Part of the Bill also includes the introduction of the Personal Information and Privacy Protection Tribunal Act (PIPPTA), which seeks to establish a faster path for enforcement of orders of the Office of the Privacy Commission and expand the office’s role and implement strong enforcement.

We will watch this closely as it progresses.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.