On August 11, 2025, the Office of the Privacy Commissioner of Canada (OPC) published guidance (Guidance) for private-sector organizations on their privacy obligations under the Personal Information Protection and Electronic...more
On August 11, 2025, the Office of the Privacy Commissioner of Canada ("OPC") issued two sets of guidance for processing of individual's biometric data: one for federal institutions and one for private businesses. Below we...more
The rise of biometric technologies has ushered in a new era of convenience and security. But with that innovation comes heightened privacy risk. Recognizing the sensitivity of biometric data, the Office of the Privacy...more
One area of practical importance to employers is an employee’s right to examine material contained in his or her personnel file. Often times an employee will request a copy of his or her employee personnel file. Sometimes the...more
Le 26 mars 2025, le Commissariat à la protection de la vie privée du Canada (le « CPVP ») a déployé, à l’intention des organisations, un outil d’autoévaluation du risque réel de préjudice grave à la vie privée (l’« outil »)....more
On March 26, 2025, the Office of the Privacy Commissioner of Canada (OPC) released a privacy breach real risk of significant harm assessment tool (Tool) for organizations....more
Responsible organizations understand that privacy governance is essential for the systematic and compliant management of personal data and for maintaining customer and stakeholder trust. In a world where people increasingly...more
The tightening of privacy and data protection compliance obligations in Canada and the United States, has led to increasingly comprehensive “data security and privacy” representations and warranties in purchase agreements, as...more
As of September 22, 2024, the final provision of Law 25, An Act to modernize legislative provisions as regards the protection of personal information, will take effect, establishing a new right to data portability for...more
In a recent ruling, Canada’s Federal Court of Appeal held that Facebook, Inc. (now Meta Platforms Inc.) breached its obligations under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) by sharing...more
The ongoing debate surrounding the use of facial recognition technology by law enforcement has sparked concern among legal and AI experts. Several law enforcement agencies in Canada have already adopted the technology, while...more
Effective May 24, 2024, the Office of the Privacy Commissioner of Canada (OPC) has introduced a new online PIPEDA breach reporting form for federal institutions and businesses subject to the Personal Information Protection...more
On May 24, 2024, the Office of the Information and Privacy Commissioner of Canada (OPC) issued new guidance relating to data breach reporting for federal institutions and businesses....more
Introduction - As a federal state with law-making powers shared between federal and provincial/territorial governments, Canada has both federal and provincial/territorial privacy laws that govern the private and public...more
L’année 2023 a été marquée par d’importants changements dans le droit canadien de la protection de la vie privée et des données. Comme nous l’avons fait les années précédentes, nous soulignons la Journée de la protection des...more
2023 was a year of significant change for Canadian privacy and data protection law. As in previous years, to mark Data Privacy Day, we’ve summarized the most important developments from the previous year and provide a look...more
In late 2021, the Quebec legislature passed “The Privacy Legislation Modernization Act” or Law No. 25 (“Law 25”), which was designed to modernize and make significant changes to Quebec’s existing privacy framework....more
Jurisdictions across the globe are implementing their own unique take on data privacy legislation, and Canada’s Quebec province is no exception. Read on to learn all about what makes this law unique and how you can comply....more
Earlier this year, the Office of the Privacy Commissioner of Canada (OPC) revised its guideline, Privacy in the Workplace, which addresses employee rights and workplace obligations with respect to employee personal...more
Congress has repeatedly failed to pass comprehensive national data protection legislation, and the states are rapidly filling the void with laws that impose different requirements on a state-by-state basis. Most of these...more
General - Privacy and data protection requirements in Canada may originate from a number of different sources, depending on factors such as the industrial sector in which an organization operates, the jurisdiction in...more
Introduction - Recent years have brought a dramatic increase in the number of countries that have comprehensive privacy and data security laws. As the world has become increasingly digital, privacy and data protection have...more
Recent findings by the Office of the Privacy Commissioner of Canada (“OPC”) found that Home Depot of Canada Inc. (“Home Depot”) did not obtain valid meaningful consent to share summary purchase information with Meta Platforms...more
Effective January 1, 2023, private companies incorporated in Ontario must establish and maintain a Register of individuals with significant control (“ISCs”). Significant Control means a direct or indirect interest in a...more
California Privacy Protection Agency Releases Revised Regulations - With the effective date less than three months away, and ahead of a Board Meeting on October 28 and 29, the California Privacy Protection Agency released...more