The OPC released a position paper this morning entitled The Case for Reforming the Personal Information Protection and Electronic Documents Act (PIPEDA). In the paper, the OPC concludes that "it is becoming increasingly clear that the balance intended by PIPEDA is no longer there...[and at] this stage in PIPEDA's evolution, incentives are needed to encourage organizations to build robust privacy compliance...".
The paper sets out four key recommendations for PIPEDA reform:
- Strengthening enforcement powers, such as by way of statutory damages, order-making power, and administrative monetary penalties
- Mandatory breach reporting requirements
- A requirement that organizations publicly report the number of their disclosures of personal information to law enforcement without consent
- A modification of the accountability principle to, among other things, introduce "enforceable agreements" to ensure organizations meet their commitment following an investigation