[Canada] How new worker privacy legislation will impact your organisation

[Canada] How new worker privacy legislation will impact your organisation
21 Jul 2022

In June, the Canadian government announced new workplace legislation that stipulates what employers can and cannot do in regards to worker privacy, Human Resources Director breaks down the key information employers needs to know.

Bill C-27 - an Act to enact the Consumer Privacy Protection Act - is the latest legislation to impact Ontario employers’ workplace conduct, following the praised Working for Workers Act.

This Bill is intended to update Canada's federal privacy law, which also covers the Personal Information Protection and Electronic Documents Act. 

The intention of the Act, among other things, is to propose some new rules for artificial intelligence (AI) in terms of specific requirements or nuances and what it really means for employers.

“If the Bill is passed, it would replace Part 1 of PIPEDA with the new Consumer Privacy Protection Act, also known as the CPPA. It would also enact the Personal Information and Data Protection Tribunal Act (PIDPTA), which develops a new administrative tribunal to hear appeals of certain decisions made by the Privacy Commissioner. There would be new developments relating to artificial intelligence, as the Bill would enact the Artificial Intelligence and Data Act,” Nadia Zaman - Associate at Rudner Law - told HRD.

“At the end of the day, there are various new requirements that are being set out by this Bill. And it looks like there's growing efforts to consider data security, not just within Canada but also internationally, which indicates that employers should start to assess their own data policies and procedures,” Ms Zaman said.

At present one of the main areas of concern for employers is reportedly the requirement for consent. Employers need to complete a privacy impact assessment and provide copies of the assessment to the Commissioner. Penalties are another factor weighing on HR leaders’ minds; specifically the repercussions of either not following the Bill or breaking the law entirely.

“The Bill sets out factors that the Commissioner must take into account when recommending a penalty to the new Tribunal,” Ms Zaman said. “The Tribunal would have the ability to impose an administrative monetary penalty up to $10 million or three per cent of gross global revenue. That said, we will have to wait and see what penalties end up being imposed on organizations. Organizations that are guilty of an indictable offence would be liable to a fine of up to five per cent of gross global revenue or $25 million, whichever is greater.”

As a result of the novelty of the Bill, and the fact that employers still don't know what to expect, many employers are concerned about what the implications are going to be. Ultimately, HRD says, this Bill follows a growing trend toward privacy; developing more robust protection for everyone involved.

“This means that employers need to be proactive and strategic in making sure they are addressing any gaps in their policies from now onwards, as opposed to waiting until the last minute,” Ms Zaman said. “I would really recommend employers to start looking into their internal policies and procedures and ensure any existing or potential gaps are addressed. If you’re unsure, always seek legal advice.”


Source: Human Resources Director

(Quotes via original reporting)

In June, the Canadian government announced new workplace legislation that stipulates what employers can and cannot do in regards to worker privacy, Human Resources Director breaks down the key information employers needs to know.

Bill C-27 - an Act to enact the Consumer Privacy Protection Act - is the latest legislation to impact Ontario employers’ workplace conduct, following the praised Working for Workers Act.

This Bill is intended to update Canada's federal privacy law, which also covers the Personal Information Protection and Electronic Documents Act. 

The intention of the Act, among other things, is to propose some new rules for artificial intelligence (AI) in terms of specific requirements or nuances and what it really means for employers.

“If the Bill is passed, it would replace Part 1 of PIPEDA with the new Consumer Privacy Protection Act, also known as the CPPA. It would also enact the Personal Information and Data Protection Tribunal Act (PIDPTA), which develops a new administrative tribunal to hear appeals of certain decisions made by the Privacy Commissioner. There would be new developments relating to artificial intelligence, as the Bill would enact the Artificial Intelligence and Data Act,” Nadia Zaman - Associate at Rudner Law - told HRD.

“At the end of the day, there are various new requirements that are being set out by this Bill. And it looks like there's growing efforts to consider data security, not just within Canada but also internationally, which indicates that employers should start to assess their own data policies and procedures,” Ms Zaman said.

At present one of the main areas of concern for employers is reportedly the requirement for consent. Employers need to complete a privacy impact assessment and provide copies of the assessment to the Commissioner. Penalties are another factor weighing on HR leaders’ minds; specifically the repercussions of either not following the Bill or breaking the law entirely.

“The Bill sets out factors that the Commissioner must take into account when recommending a penalty to the new Tribunal,” Ms Zaman said. “The Tribunal would have the ability to impose an administrative monetary penalty up to $10 million or three per cent of gross global revenue. That said, we will have to wait and see what penalties end up being imposed on organizations. Organizations that are guilty of an indictable offence would be liable to a fine of up to five per cent of gross global revenue or $25 million, whichever is greater.”

As a result of the novelty of the Bill, and the fact that employers still don't know what to expect, many employers are concerned about what the implications are going to be. Ultimately, HRD says, this Bill follows a growing trend toward privacy; developing more robust protection for everyone involved.

“This means that employers need to be proactive and strategic in making sure they are addressing any gaps in their policies from now onwards, as opposed to waiting until the last minute,” Ms Zaman said. “I would really recommend employers to start looking into their internal policies and procedures and ensure any existing or potential gaps are addressed. If you’re unsure, always seek legal advice.”


Source: Human Resources Director

(Quotes via original reporting)