Parliament Watch: Proposed PIPEDA Amendments Languish



Canada’s House of Commons has recessed. Members of Parliament aren’t scheduled to return until September 17, 2012. By then, Bill C-12, An Act to amend the Personal Information Protection and Electronic Documents Act (short title: Safeguarding Canadians’ Personal Information Act) will have been on the order paper for almost a year, having been introduced in the House of Commons on September 29, 2011. The Bill doesn’t appear to be moving any quicker than its predecessor, which died when Parliament was dissolved in March 2011.

Bill C-12 would give effect some of the legislative reforms recommended following the last 5-year review of PIPEDA (which happened more than 5 years ago!). If the Bill could ever get some traction and make it into force, it would (among other things):

  • Create a new definition of “business contact information“. “Business contact information” is defined as an individual’s name, position or title, work address, work telephone number, work facsimile number, work e-mail address and any similar information about the individual. This information would not be subject to PIPEDA if the business contact information is collected, used or disclosed solely for the purpose of communicating or facilitating communication with the individual in relation to their employment, business or profession. Although still an important reform, the regulation of the use of this information (particularly e-mail addresses) may be overtaken for practical purposes by Canada’s Anti-Spam Legislation (CASL) when that legislation comes into force. My colleague, Margot Patterson, has some excellent explanations of CASL on this blog.
  • Specify that consent means informed consent. Consent to collection, use or disclosure of their personal information is valid only if “it is reasonable to expect that the individual understands the nature, purpose and consequences of the collection, use or disclosure to which they are consenting”.
  • Provide for broader disclosure exceptions for law enforcement purposes. Organizations would be permitted to disclose personal information without consent where the disclosure is requested “for the purpose of performing policing services”. ”Policing services” is undefined. Organizations would also be permitted to disclose information to other organizations (not just government institutions) to investigate a breach of an agreement or the laws of Canada or province or, in certain circumstances, to prevent, detect or suppress fraud.
  • Add a prospective business transaction exception. Businesses could disclose personal information to determine whether to proceed with a business transaction (such as a merger or asset sale) and then to complete it.
  • Enact breach notification provisions. Organizations would be required to notify the Privacy Commissioner of a material breach of security of personal information. In addition, organizations would be required to notify the affected individuals if it is reasonable to believe that the breach creates a real risk of significant harm to the individual.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dentons | Attorney Advertising

Written by:


Dentons on:

Popular Topics
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.