PIPEDA Amendments Would Change Notification Provisions
PRIVACY LAWJuly 9, 2010
The proposed Bill C-29 amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) include key provisions focused on breach reporting and notification requirements as well as consent exemptions for the use of personal information in business transactions, Lawyers Weekly reports. The amendments would require organizations to report data security breaches involving personal information to the privacy commissioner only if they are determined to be "material," as defined by such factors as the sensitivity of the information breached and the number of individuals involved, and in cases with a "real risk of significant harm," the report states. The bill would also permit organizations to use and disclose individuals' personal information related to "prospective business transactions" without their knowledge and consent.