Bill S-4, the Digital Privacy Act (An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act,) was given First Reading in the Senate today. The summary of the Bill describes the proposed amendments as follows:
This enactment amends the Personal Information Protection and Electronic Documents Act to, among other things,(a) specify the elements of valid consent for the collection, use or disclosure of personal information;(b) permit the disclosure of personal information without the knowledge or consent of an individual for the purposes of(i) identifying an injured, ill or deceased individual and communicating with their next of kin,(ii) preventing, detecting or suppressing fraud, or(iii) protecting victims of financial abuse;(c) permit organizations, for certain purposes, to collect, use and disclose, without the knowledge or consent of an individual, personal information(i) contained in witness statements related to insurance claims, or(ii) produced by the individual in the course of their employment, business or profession;(d) permit organizations, for certain purposes, to use and disclose, without the knowledge or consent of an individual, personal information related to prospective or completed business transactions;(e) permit federal works, undertakings and businesses to collect, use and disclose personal information, without the knowledge or consent of an individual, to establish, manage or terminate their employment relationships with the individual;(f) require organizations to notify certain individuals and organizations of certain breaches of security safeguards that create a real risk of significant harm and to report them to the Privacy Commissioner;(g) require organizations to keep and maintain a record of every breach of security safeguards involving personal information under their control;(h) create offences in relation to the contravention of certain obligations respecting breaches of security safeguards;(i) extend the period within which a complainant may apply to the Federal Court for a hearing on matters related to their complaint;(j) provide that the Privacy Commissioner may, in certain circumstances, enter into a compliance agreement with an organization to ensure compliance with Part 1 of the Act; and(k) modify the information that the Privacy Commissioner may make public if he or she considers that it is in the public interest to do so
A Government press release describing the Bill can be found here.
