The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar



Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Wednesday, October 28, 2009

Amendments to PIPA tabled, including breach notification and regulation of export of personal information 

Yesterday (October 27, 2009), the Alberta Government introduced Bill 54, the Personal Information Protection Amendment Act, 2009. The Bill includes notification requirements for export of personal information to a service provider outside of Canada and breach notification. The principal export provision is:
Notification respecting service provider outside Canada

13.1(1) Subject to the regulations, an organization that uses a service provider outside Canada to collect personal information about an individual for or on behalf of the organization with the consent of the individual must notify the individual in accordance with subsection (3).

(2) Subject to the regulations, an organization that, directly or indirectly, transfers to a service provider outside Canada personal information about an individual that was collected with the individual’s consent must notify the individual in accordance with subsection (3).

(3) An organization referred to in subsection (1) or (2) must, before or at the time of collecting or transferring the information, notify the individual in writing or orally of

(a) the way in which the individual may obtain access to written information about the organization’s policies and practices with respect to service providers outside Canada, and

(b) the name or position name or title of a person who is able to answer on behalf of the organization the individual’s questions about the collection, use, disclosure or storage of personal information by service providers outside Canada for or on behalf of the organization.

(4) The notice required under this section is in addition to any notice required under section 13.

Permitted "as required by law" disclosures are now limited to required by Canadian or Alberta law. The breach notification provisions require notice to the Commissioner and the Commissioner may order that individuals be notified. I'm sure we'll be hearing more about this. Here's an extract from yesterday's Hansard:

ISYSweb 8 Search Results for Bill 54

Bill 54

Personal Information Protection Amendment Act, 2009

Mr. Denis: Thank you very much, Mr. Speaker. I rise to introduce Bill 54, the Personal Information Protection Amendment Act, 2009. Mr. Speaker, this bill is a direct result of the hard work of the SelectSpecialPersonalInformation Protection ActReviewCommittee, an all-party special committee of the Legislature that in 2006 undertook a complete review of the act and tabled a report to the Legislature in November 2007 outlining recommendations for amendments. This bill incorporates a number of their proposed amendments.The main proposals for change include emerging issues such as notifying the commissioner or individuals about security breaches that place personal information at risk and informing individuals when services involving personal information are occurring outside of Canada. Mr. Speaker, as required for any new legislation in a rapidly evolving area, this bill also does some updating and finetuning of the existing provisions of this act.

Thank you very much, Mr. Speaker.

[Motion carried; Bill 54 read a first time]

The Speaker: The hon. Government House Leader.

Mr. Hancock: Thank you, Mr. Speaker. I move that Bill 54 be moved onto the Order Paper under Government Bills and Orders.

[Motion carried]

Labels: , , ,

10/28/2009 10:56:00 AM  :: (1 comments)  ::  Backlinks
Canadian Privacy Law Blog,

How does this apply to using a US provider of email [say Gmail]?

What about off-site backups, does this mean that Canadian-only providers are available?

Just wondering ....
Post a Comment

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs