Canadian Lawyer InHouse

June/July 2021

Legal news and trends for Canadian in-house counsel and c-suite executives

Issue link: http://digital.canadianlawyermag.com/i/1376668

Contents of this Issue

Navigation

Page 25 of 35

24 www.canadianlawyermag.com/inhouse FEATURE LAWYERS ARE BRACING for significant change as Canada's privacy regime is set for an overhaul this year at the federal and provincial levels. Anticipated changes include the federal Bill C-11 — also known as the Digital Charter Implementation Act — which introduces new powers and penalties for breaching individual digital privacy rights. Organizations in Quebec are also keeping an eye on Bill-64, which will overhaul the province's private sector regime and give new powers to privacy regulators to impose administrative monetary penalties. "The biggest overhaul going on with our Canadian privacy laws is really multi-enforce- ment action as well as the development of new tribunals," says Karl Schober, senior associate, privacy and cybersecurity group, and transformative technologies and data strategy practice at Dentons LLP. "A lot of clients that have global obligations may not have put Canada first as an area of risk for compliance obligations, but that is going to change." The proposed Digital Charter Implementa- tion Act is a replacement for the existing Personal Information Protection and Electronic Documents Act. It will include the heaviest fines among G7 countries for privacy laws, raising the stakes for legal departments in Canada. "It's a bill that proposes to modernize private sector privacy by enhancing the transparency of personal information held by businesses and also imposing new potentially onerous sanctions for non-compliance," says Eloïse Gratton, a partner and national Organizations brace for major privacy overhaul Legal departments ramp up frameworks to avoid stringent fines co-leader, privacy and data protection practice group at Borden Ladner Gervais LLP. "Businesses that perhaps did not take privacy seriously will have no choice but to start paying attention." Organizations will need to have a privacy program in place, including privacy training for employees and guidelines on outsourcing, says Gratton. The prospect of hefty fines is concerning for insurance giant Sun Life — not so much for the financial impact but for the potential damage to the brand image — so avoiding such fines is critical. "Trust in our brand is everything. We've got a privacy program, which we've been maturing more and more every year, so now it's about seeing what else we can document, what else we can show from a due diligence perspective and what else we can do in terms of monitoring and testing," says Suzanne Morin, vice president, enterprise conduct, data ethics and chief privacy officer at Sun Life. Morin's team takes managing private information for employee and client health benefits very seriously. Sun Life is careful to ensure it only collects information when it is strictly needed, keeps it only as long as required and shares it only with those who need it. The Canadian-based global company uses PIPEDA as its base standard and tweaks it in other jurisdictions where necessary. "One thing we never forget as a global organization is that you create your standard, but you still have to make accommodations for local differences and cultural differences, so a consistent application of these programs doesn't mean it's exactly the same every- where," says Morin. Sun Life follows extensive privacy prac- tices, including creating a global privacy impact assessment framework that provides consistent application of the assessment processes and reporting worldwide. It also allows visibility in any project that touches personal information internally or through a third-party vendor. Sun Life also uses a privacy risk compass and applies client data principles across the organization. According to Gratton, with stricter enforcement looming, in-house counsel should be conducting an inventory of their practices. "A lot of clients that have global obligations may not have put Canada first as an area of risk for compliance obligations, but that is going to change." Karl Schober, Dentons LLP

Articles in this issue

Links on this page

Archives of this issue

view archives of Canadian Lawyer InHouse - June/July 2021