The Privacy Officer’s Guide to the Personal Information Protection and Electronic Documents Act, 2024 Edition
One Year Subscription Only Terms
Subscribers receive the product(s) listed on the Order Form and any Updates made available during the annual subscription period. Shipping and handling fees are not included in the annual price.
Subscribers are advised of the number of Updates that were made to the particular publication the prior year. The number of Updates may vary due to developments in the law and other publishing issues, but subscribers may use this as a rough estimate of future shipments. Subscribers may call Customer Support at 800-833-9844 for additional information.
Subscribers may cancel this subscription by: calling Customer Support at 800-833-9844; emailing customer.support@lexisnexis.com; or returning the invoice marked 'CANCEL'.
If subscribers cancel within 30 days after the product is ordered or received and return the product at their expense, then they will receive a full credit of the price for the annual subscription.
If subscribers cancel between 31 and 60 days after the invoice date and return the product at their expense, then they will receive a 5/6th credit of the price for the annual subscription. No credit will be given for cancellations more than 60 days after the invoice date. To receive any credit, subscriber must return all product(s) shipped during the year at their expense within the applicable cancellation period listed above.
Product description
Revised and updated with recent cases and regulatory guidance, The Privacy Officer’s Guide to the Personal Information Protection and Electronic Documents Act, 2024 Edition is an essential reference on compliance with Canada's privacy law regime. Canada’s existing Personal Information Protection and Electronic Documents Act (PIPEDA) is being pushed to its limits by an activist Office of the Privacy Commissioner of Canada (OPC). The result is that the law is often applied in ways that may not be obvious.
This Guide helps sort through past OPC guidance to help sort out which prior interpretations are reliable and where the OPC may go next. In addition, this Guide contains extensive commentary on Bill 27 which would enact the Consumer Privacy Protection Act (CPPA) to replace PIPEDA. The Guide compares the CPPA to PIPEDA and explains how the CPPA may change current guidance and practices.
Features
- Clear explanation of the law and case summaries relating to:
- Collection responsibilities for particular types of personal information
- Meaningful consent requirements and detailed examples of Commissioner findings on the adequacy of consent
- Appropriate uses of personal information
- Application to employees of federal works, undertakings and businesses
- When disclosure and sharing is permitted
- Security incidents and data breach reporting requirements
- Outsourcing and cross border transfers
- Enforcement framework
- Extensive comparison of PIPEDA to the CPPA with new finding aids to assist in locating relevant discussion of key sections of PIPEDA and the CPPA
- Full text of the Act and the Regulations organized thematically to permit the reader to locate commentary, cases, and guidance regarding a concept in one place
Highlights of the 2024 Edition
- A thorough discussion (in each relevant Part of the guide) of Bill C-27, the Digital Charter Implementation Act, 2020, which would repeal parts of PIPEDA and enact in its place the Consumer Privacy Protection Act
- Comparison of Quebec’s Act respecting the protection of personal information in the private sector by Law 25 with the provisions of PIPEDA and Bill C-27
- Updated Table of Concordance which outlines the similarities and differences of the Consumer Privacy Protection Act to PIPEDA with new finding aids to locate relevant discussion of the key sections
- In-depth analysis of key decisions such as:
- Investigation into Home Depot of Canada Inc.’s compliance with PIPEDA in its use of Facebook’s Offline Conversions program
- Joint investigation into location tracking by Tim Horton’s mobile app
- Update on how the landmark decision regarding what constitutes personal information in Canada (Information Commissioner) v. Canada (Minister of Public Safety and Emergency Preparedness) [2019] F.C.J. No. 1251, (“Sig Sauer”) has been applied in recent years
- Updated Table of Commissioner’s Findings
Who Will Benefit
- Organizations that deal with personal information, including financial institutions, professional firms, private health care providers, private educational institutions, private investigators, consumer reporting agencies and all manner of businesses that have occasion to handle personal information
- Service providers to such organizations, including privacy, security and information management consultants and data processors
- Compliance and privacy officers and information managers
- Legal practitioners, including privacy lawyers, corporate and commercial lawyers, IP lawyers, health lawyers, litigators, and corporate counsel
- Individuals who want to:
- Ensure the protection and appropriate use of their personal information that is collected or generated in connection with the purchase of goods or services, employment or any other activity
- Gain access to, and ensure the accuracy of, such information
Table of contents
Table of Cases
Introduction
Part 1: Personal Information Protection
Chapter 1: Purpose, Application and Structure
Chapter 2: What is Personal Information
Chapter 3: Consent and Appropriate Purposes
Chapter 4: Exceptions to the Consent Requirement
Chapter 5: Obligations in Connection with Personal Information
Chapter 6: Enforcement
Part 2: Electronic Documents
A. Purpose of the Act
B. Electronic Document Defined
C. Electronic Actions and Documents
D. Electronic Signatures
Personal Information Protection and Electronic Documents Act
Regulations Pursuant to the Personal Information Protection and Electronic Documents Act
Index