The Privacy Officer’s Guide to the Personal Information Protection and Electronic Documents Act, 2024 Edition

Revised and updated with recent cases and regulatory guidance, The Privacy Officer’s Guide to the Personal Information Protection and Electronic Documents Act, 2024 Edition is an essential reference on compliance with Canada's privacy law regime. Canada’s existing Personal Information Protection and Electronic Documents Act (PIPEDA) is being pushed to its limits by an activist Office of the Privacy Commissioner of Canada (OPC). The result is that the law is often applied in ways that may not be obvious.

This Guide helps sort through past OPC guidance to help sort out which prior interpretations are reliable and where the OPC may go next. In addition, this Guide contains extensive commentary on Bill 27 which would enact the Consumer Privacy Protection Act (CPPA) to replace PIPEDA. The Guide compares the CPPA to PIPEDA and explains how the CPPA may change current guidance and practices.

Features

• Clear explanation of the law and case summaries relating to:
  • Collection responsibilities for particular types of personal information
  • Meaningful consent requirements and detailed examples of Commissioner findings on the adequacy of consent
  • Appropriate uses of personal information
  • Application to employees of federal works, undertakings and businesses
  • When disclosure and sharing is permitted
  • Security incidents and data breach reporting requirements
  • Outsourcing and cross border transfers
  • Enforcement framework
• Extensive comparison of PIPEDA to the CPPA with new finding aids to assist in locating relevant discussion of key sections of PIPEDA and the CPPA
• Full text of the Act and the Regulations organized thematically to permit the reader to locate commentary, cases, and guidance regarding a concept in one place

Highlights of the 2024 Edition

• A thorough discussion (in each relevant Part of the guide) of Bill C-27, the Digital Charter Implementation Act, 2020, which would repeal parts of PIPEDA and enact in its place the Consumer Privacy Protection Act
• Comparison of Quebec’s Act respecting the protection of personal information in the private sector by Law 25 with the provisions of PIPEDA and Bill C-27
• Updated Table of Concordance which outlines the similarities and differences of the Consumer Privacy Protection Act to PIPEDA with new finding aids to locate relevant discussion of the key sections
• In-depth analysis of key decisions such as:
  • Investigation into Home Depot of Canada Inc.’s compliance with PIPEDA in its use of Facebook’s Offline Conversions program
  • Joint investigation into location tracking by Tim Horton’s mobile app
  • Update on how the landmark decision regarding what constitutes personal information in Canada (Information Commissioner) v. Canada (Minister of Public Safety and Emergency Preparedness) [2019] F.C.J. No. 1251, (“Sig Sauer”) has been applied in recent years
• Updated Table of Commissioner’s Findings

Who Will Benefit

• Organizations that deal with personal information, including financial institutions, professional firms, private health care providers, private educational institutions, private investigators, consumer reporting agencies and all manner of businesses that have occasion to handle personal information
• Service providers to such organizations, including privacy, security and information management consultants and data processors
• Compliance and privacy officers and information managers
• Legal practitioners, including privacy lawyers, corporate and commercial lawyers, IP lawyers, health lawyers, litigators, and corporate counsel
• Individuals who want to:
  • Ensure the protection and appropriate use of their personal information that is collected or generated in connection with the purchase of goods or services, employment or any other activity
  • Gain access to, and ensure the accuracy of, such information