Data Breach Notice, Anti-Spam Laws Proposed in Canada

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

Proposed privacy legislation introduced on May 25, 2010 in the Canadian Parliament would create an obligation for Canadian businesses to notify the government and, in some cases, individuals of data security breaches and would place new restrictions on Internet and wireless spam.

Bill C-29 would add provisions to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) (CCH Privacy Law in Marketing ¶42,200) to require organizations to report material breaches of data security safeguards to the Privacy Commissioner. Organizations would have to notify individuals of data security breaches only when such breaches create a risk of significant harm.

Disclosure of Personal Information

In addition, the measure would amend PIPEDA to permit the disclosure of personal information without the knowledge or consent of the individual for the purposes of:

(1) Identifying an injured, ill, or deceased individuals and communicating with their next of kin;

(2) Performing police services;

(3) Preventing, detecting, or suppressing fraud; and

(4) Protecting victims of financial abuse.

Spam, Spyware

Another bill (Bill C-28) proposes the enactment of a new statute, the “Fighting Internet and Wireless Spam Act.” That legislation would prohibit the sending of commercial electronic messages without the prior consent of the recipient and would provide rules governing the sending of such messages, including a mechanism for the withdrawal of consent.

The statute would also prohibit the alteration of data transmissions and the unauthorized installation of spyware programs on computers. Violations would be subject to administrative monetary penalties by the Canadian Radio-television and Telecommunications Commission. Persons affected by violations would be able to bring a private action for actual and statutory damages.

Bill C-28 also would amend PIPEDA to prohibit the collection of personal information by means of unauthorized access to computer systems, as well as the unauthorized compilation of lists of electronic addresses.

“Canadian shoppers should feel just as confident in the electronic marketplace as they do at the corner store,” said Minister of Industry Tony Clement.

“With today’s two pieces of legislation, we are working toward a safer and more secure online environment for both consumers and businesses—essential in positioning Canada as a leader in the digital economy,” he added.