The Three Stages of Canadian Privacy Law

My regular Law Bytes column (non-reg. hyperlinked version or Toronto Star version, homepage version) examines the development of Canadian privacy law, arguing that it is unfolding in three stages. The first stage focused on self-regulatory initiatives such as the CSA Model Code. When few companies were willing to bind themselves to the Code, Canada embarked on stage two by establishing national privacy legislation that emphasizes mediation and light regulation.

I argue that we are on the verge of stage three, which will feature a much stronger regulatory framework. Potential changes include order making power for the Privacy Commissioner, the uniform adoption of legally-mandated disclosures of privacy breaches, and greater protection for personal information that is outsourced to third parties.

Update: The Ottawa Citizen version, titled Maximus Impact, is available online.

Comments are closed.