The Safeguarding Canadians' Personal Information Act

Bill Summary

Amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) are being reintroduced to implement the Government Response to the Report of the Standing Committee on Access to Information, Privacy and Ethics (ETHI) on the statutory review of PIPEDA. The amendments (formerly tabled as Bill C-29) aim to better protect and empower consumers, clarify and streamline rules for business, enable effective investigations by law enforcement and security agencies, and address linguistic and other technical drafting issues.

  • The amendments will introduce new requirements for organizations to report material breaches of information security safeguards (data breaches) to the Privacy Commissioner of Canada and to notify affected individuals and certain organizations when the breaches are deemed to pose a real risk of significant harm such as identity theft or fraud.
  • They will also ensure that the Act can accommodate the legitimate needs of business in respect of, for example: business contact information; information produced for work purposes; information necessary for the management of the employment relationship; and information needed to consider and complete business transactions.
  • Enhancements to the consent provisions of the Act are also being proposed to further protect the personal information of minors.
  • The current regulatory requirement for designating investigative bodies is being repealed, allowing any organization subject to the Act to disclose information without consent, but only where it is necessary for the conducting of investigations into contraventions of the law, breaches of agreement, or to prevent fraud.
  • There will be additional exceptions to the Act's consent requirement so that personal information may be released to help protect potential victims of financial abuse, to assist in identifying injured, ill or deceased individuals and to contact their next of kin.
  • This Bill will clarify that the Act permits organizations to collaborate with government institutions that have requested personal information in the absence of a warrant, subpoena, or order.
  • To protect the secrecy and integrity of investigations by law enforcement and security agencies, organizations will be prohibited from notifying an individual about the disclosure of his or her personal information, where the government institution to whom the information was disclosed objects.