
Heads up! New Canadian Data Privacy Act is Around the Corner

  • July 14, 2021
  • Heather Brown

The time to prepare to meet soon-to-be-enacted Canadian data privacy regulations is now. Around the world, awareness of the need to protect the privacy rights of individuals, including the access, transparency, and security of personal information, has never been higher. The stakes are high, and urgency is needed to better protect the data that organizations, both commercial and governmental, are entrusted to handle with care.

First, let’s take a peek around the corner at what’s to come, then, while we’re at it, briefly recap some of Canada’s existing privacy laws.

CPPA: Anticipated New Canadian Data Privacy Law

While an exact date has not yet been set (although it is expected sometime in 2021), Canada’s proposed Digital Charter Information Act (DCIA) and its associated CPPA (Consumer Privacy Protection Act) and Personal Information and Data Protection Tribunal Act (PIDPT) will serve to provide more transparency and control around how data that contains personal identifiers can be used.

The new legislation would both replace and add more muscle to the country’s current PIPEDA, which governs how the private sector handles consumer data. The proposed law would provide more stringent consumer protections, simplify the consent process, and deliver more clarity around third-party service provider roles. This beefier CPPA, if adopted, would be one of the strictest privacy laws in the world and is currently being likened to California’s privacy regulations as well as to the EU’s GDPR.

While the CPPA would establish a new private sector privacy law, the PIDPT Act would establish a tribunal to hear recommendations and appeals from the Office of the Privacy Commissioner and create a more efficient enforcement process.

The impact of this Act will be felt by organizations and their customers or consumers. The DCIA would give substantially more protections, transparency, and control around consumers’ personal information, and organizations themselves would face higher financial consequences for non-compliance with the law. Fines for violations could be as high as five percent of revenue or $25 million, whichever is greater, for serious infractions.

Bill 64: For Quebec Organizations

Organizations and businesses doing business in and with Quebec should pay attention to Bill 64. This Act proposes significant changes to Quebec private sector and public sector privacy law and seeks to amend provincial privacy standards. It is substantially more stringent than the CPPA, and discussions around interoperability for businesses operating at a national level have been raised. A detailed account of the bill’s proposed amendments can be found here.

A few of the major changes to Quebec’s current privacy law framework include new enforcement tools, including substantial monetary penalties for breaches, a new private right of action for individuals, breach reporting requirements, and new requirements around outsourcing and transfers outside of Quebec. New accountability rules center around establishing a privacy officer role, an obligation to establish and implement governance policies, privacy assessments, and privacy by design requirements.

How to Stay on Top of Privacy Law Changes

As organizations like JD Supra and others have advised, organizations should stay abreast of anticipated law changes and compliance obligations with steps such as:

  • Sign up for privacy law alerts
  • Designate a separate compliance team
  • Keep a log detailing how laws overlap and differ
  • Create policies to outline workflows surrounding how data containing personal information is handled
  • Ensure various organizational teams are made aware of how to manage data
  • Establish privacy programs to promote a uniform process to handle privacy matters where global laws coincide

Related Reading: Canada’s Consumer Privacy Protection Act: Impact for Businesses

Refresh Your Canadian Privacy Law Knowledge

While the proposed privacy law is still working its way onto the official books, it’s wise to brush up on the privacy laws already in force to ensure your organization is doing all it can to protect the personal data entrusted to it.

Privacy Act

This Act is key to Canada’s overall privacy framework. It applies to how the federal government can collect, use, and disclose personal information. In addition, the right to access and correct information held about oneself by the federal government is covered here.

PIPEDA

This current privacy law covers most Canadian businesses handling personal information and is basically centered on acting in good faith when it comes to securing and using personal information. It would be replaced by the newer legislation described above. It addresses how provincial and territorial private-sector businesses and organizations protect personal data (asking for and securing consent, giving individuals the opportunity to view and amend information, and how personal data is stored and disposed of).

FIPS 140-2 or Federal Information Processing Standard

FIPS 140-2 lays out the formal security requirements for governmental data use and requires that any software solutions used by the government, or its trading partners, use the cryptographic standard FIPS 140-2 when exchanging personal data for security. To meet FIPS validation, software must:

  • Secure data in storage (at rest) via encryption and sanitization
  • Limit access to data through robust role-based user access
  • Safely transmit data through approved protocols, such as FTPS, HTTPS, or SFTP

The CSE Act

This Act seeks to uphold and strengthen cybersecurity throughout Canada through collecting and interpreting data, providing and acquiring foreign intelligence information, protecting data important to Canadian government entities, actively responding to and disrupting foreign interference, and supporting federal law and security agencies through technical and operational assistance.

Payment Card Industry Data Security Standard (PCI DSS)

This standard is mandated by credit card companies to help ensure the security of credit card transactions. It is designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment with firewalls, password protection, and encryption for data at rest and in transit.

Layered Data Security Solutions from HelpSystems Help with Compliance

Data security is both a mindset and a coordinated, concrete set of software solutions designed to comprehensively protect data transmitted at all stages of its journey. HelpSystems offers a robust portfolio of comprehensive data security solutions to help meet the upcoming Canadian data privacy laws as well as those currently in place.

Layered protection can be applied to data throughout its journey for end-to-end security. Ideally, these layers should include solutions that can understand and classify your data, detect and prevent leaks, and secure and protect data both at rest and in motion, such as:

  • Data Classification: A data security strategy that starts out by classifying, identifying, and prioritizing the data needing protection forms a solid foundation for protecting personal data privacy.
  • Digital Rights Management (DRM): DRM can help organizations prevent costly intellectual property exposure and data breaches by protecting the data no matter where it ultimately travels: internally, externally, with suppliers, partners, customers, and more. It adds protection to cover any gaps left by DLP or classification solutions.
  • Secure File Transfer: Organizations using secure managed file transfer tools to transfer files outside of and within their systems get the advantage of strong encryption protocols, automation, and control for end-to-end security and compliance as data is protected at rest and in motion with a centralized platform.

Explore Layered Data Security Solutions

Curious about how your organization can benefit from one or any combination of solutions designed to get and keep you in compliance? Check out this brief demonstration.
