PIPEDA amendments tabled - bill C29

PIPEDA, or the Personal Information & Electronic Documents Act is the Canadian privacy law that covers federally regulated entities, and provincially regulated entities in provinces like Ontario that don't have their own privacy laws. Bill C29 was introduced in Parliament this week that will make several amendments to PIPEDA.  Most of these amendments have been expected, and are welcome as they address issues that have arisen from the current legislation. 

The press release is here, and the bill here.

For example, expanding the business contact exemption to include an email address, and explicit provisions that deal with the diligence of and transfer of personal information for the sale, merger, etc of a business.

There are a couple of new parts that could use some clarity, though. 

Language that attempts to clarify what "lawful authority" is that allows one to release information to law enforcement doesn't really seem to clarify what the threshold of proof is, or what to ask for.

It also contains language that requires notification of breaches in certain circumstances to both the privacy commissioner and the affected individuals.  The language has threshold tests - which on the surface are not as clear as they might be.   If this language stays, it may take a privacy commissioner decision and/or court decision to clarify the threshold.

More complete discussion of the PIPEDA amendments are on David Fraser's blog.  See his overview, and his markup showing the changes.