Insurance Insights

Privacy Commissioner announces shift in enforcement model for Canada’s privacy laws


At a press conference held in September 2017, the Privacy Commissioner announced plans to adopt a new approach towards enforcement of Canada’s privacy regulations.

Historically, the Office of the Privacy Commissioner’s enforcement activity has been based on a reactive model, taking action in response to complaints. The Commissioner intends to address enforcement proactively moving forward, identifying privacy issues without them being reported.

The Commissioner will pursue changes to the Personal Information and Electronic Documents Act  (PIPEDA) to allow him more authority for imposing orders and penalties. Additionally, rather than await PIPEDA changes to be implemented, the Commissioner will be taking immediate action, which would include employing compulsory audits to uncover privacy issues, updating existing guidance for online privacy notices and developing new guidance for privacy protection.

The Commissioner will bear responsibility for the enforcement of mandatory breach reporting and notification that is expected to come in 2018. You can read more about the proposed regulations in this previous article.

With government enforcement ramping up and new regulations to come, it is more important than ever to understand your organization’s obligations for privacy protection and ensure you have the appropriate measures in place to be in compliance.


For further information and resources on risk management and insurance, please contact us.

Source: “Privacy Commissioner Gearing Up for Tougher Enforcement” by Imran Ahmad and Kathryn M. Frelick at Miller Thomson LLP (October 5, 2017).

Get an Insurance Quote Today!