Franchise Review Oct 2013 - Manitoba Becomes the Fourth Province to Enact Private Sector Privacy Law


On September 13, 2013, Manitoba’s Personal Information and Identity Theft Prevention Act (PIITP) received royal assent. Under the authority of the Manitoba Ombudsman’s Office, this legislation, once in force, will govern the collection, use and disclosure of personal information, including that of employees, by all organizations, including franchisors and franchisees.

The new legislation will not significantly affect the privacy obligations of franchisors and franchisees who are already subject to Canada’s federal private sector legislation. Of particular significance, however, are its obligations regarding privacy breaches (not currently addressed in the federal legislation); the handling of employees’ personal information; the collection, use and disclosure of business contact information; the use of electronic consents; the collection of personal information from third parties or sources; and consent by minors.

Failure to comply with PIITP may result in fines of up to $100,000. Consumers may also commence a private right of action against an organization for failing to protect personal information in its custody or control, or for a failure to provide notice of a security breach, as required under PIITP. Contrast this with the absence of any fines or private right of action in the federal legislation.

How It Affects Your Business

As a result of the passage of PIITP, franchisors with a national presence in Canada, and particularly those with franchises, employees or customers in Manitoba, should undertake a detailed review of their privacy policies and practices to ensure compliance with PIITP before it comes into force. Franchisors and franchisees should consider:

  • implementing a notification protocol for data breaches that meets the requirements of PIITP
  • reviewing existing consent practices to ensure that electronic consents remain valid
  • reviewing existing practices relating to the exchange of personal information within the franchise system (i.e., between franchisor and franchisees)
  • reviewing and revising internal policies on the collection, use and disclosure of personal information of employees
  • amending privacy policies and practices to address collections from third parties or sources and to provide consumers with a reasonable opportunity to opt out



DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Osler, Hoskin & Harcourt LLP | Attorney Advertising
