Section 29 of PIPEDA
, Canada’s private sector privacy law, requires Parliament to review the portion that deals with data protection every five years. The first review started in 2006 and led (after considerable delay) to the reforms found in Bill C-12
, which is currently languishing in the House of Commons. Bill C-12 notably includes mandatory security breach disclosure requirements. Given the requirement to review the law every five years, the law requires a review in 2011. Yet with the House of Commons now on a break for the holidays, it appears that the review will not happen in a timely fashion as required by law. I don’t know what – if anything – is planned, but unless I’ve missed something as it stands now it appears that the government will fail to comply with the PIPEDA review requirements.