In November 2020, the federal government introduced Bill C-11 (The Digital Charter Implementation Act). The proposed bill would overhaul Canada’s existing federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), with a modernized replacement known as the Consumer Privacy Protection Act (CPPA).
If the CPPA becomes law, it will impose several new obligations on businesses. Perhaps one of the biggest changes is a requirement that every organization implement a privacy management program that details the policies, programs and procedures they are using to meet their obligations under the Act. These programs will be unique to each organization and must reflect the volume and sensitivity of the information that the business handles.
In October 2020, the Office of the Privacy Commissioner (OPC) released a guide to help businesses comply with PIPEDA. Notably, these guidelines include a framework of a privacy management program and may provide businesses a preview of what is to come.