{"id":26396,"date":"2021-02-04T12:28:54","date_gmt":"2021-02-04T12:28:54","guid":{"rendered":"https:\/\/www.syscreations.ca\/blog\/?p=26396"},"modified":"2021-05-18T06:32:01","modified_gmt":"2021-05-18T06:32:01","slug":"data-privacy-laws-in-canada","status":"publish","type":"post","link":"https:\/\/www.syscreations.ca\/blog\/data-privacy-laws-in-canada\/","title":{"rendered":"Explained: Canadian Data Privacy Laws in Easy Terms"},"content":{"rendered":"\n<p>Canada is one of the few countries across the world that consider data privacy as a serious business.&nbsp;<\/p>\n\n\n\n<p>Be it a small startup or a large corporation, <span style=\"color:#7b68ee\" class=\"has-inline-color\">federal and provincial governments never show mercy if anyone violates Canadian data privacy laws.&nbsp;<\/span><\/p>\n\n\n\n<p>There are many victims of Canadian privacy legislation who either have paid a hefty fine or stopped their business operation in Canada.&nbsp;<\/p>\n\n\n\n<p>One most recent victim is Clearview.&nbsp;<\/p>\n\n\n\n<p><center><blockquote class=\"twitter-tweet\"><p lang=\"en\" dir=\"ltr\">News release: Clearview AI\u2019s unlawful practices represented mass surveillance of Canadians, commissioners say <a href=\"https:\/\/t.co\/LI4AQBh0jm\">https:\/\/t.co\/LI4AQBh0jm<\/a> <a href=\"https:\/\/t.co\/ViuVocoIqw\">pic.twitter.com\/ViuVocoIqw<\/a><\/p>\u2014 OPC (@PrivacyPrivee) <a href=\"https:\/\/twitter.com\/PrivacyPrivee\/status\/1356990913000726534?ref_src=twsrc%5Etfw\">February 3, 2021<\/a><\/blockquote> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/center><\/p>\n\n\n\n<h2><strong>Clearview vs Privacy Commissioners: The Entire Incident <\/strong>&nbsp;<\/h2>\n\n\n\n<p><strong><u><span style=\"color:#dd0055\" class=\"has-inline-color\">About Clearview:<\/span><\/u><\/strong><\/p>\n\n\n\n<p>Clearview is a New York-based technology company that offers facial recognition software.&nbsp;<\/p>\n\n\n\n<p>The top customers of the Clearview software are private companies, law enforcement agencies, universities and individuals.&nbsp;<\/p>\n\n\n\n<p>Clearview allows its customers to know the details of individuals by uploading just an image of that person.&nbsp;<\/p>\n\n\n\n<p><span style=\"color:#7b68ee\" class=\"has-inline-color\">In this way, it stores many crucial and confidential biometric information of the individuals.&nbsp;<\/span><\/p>\n\n\n\n<p>It is a great technology &#8211; unless the purpose of using Clearview facial recognition is right.&nbsp;<\/p>\n\n\n\n<p>Several police forces in Canada including Royal Canadian Mounted Police are using it.&nbsp;<\/p>\n\n\n\n<p><strong><u><span style=\"color:#dd0055\" class=\"has-inline-color\">Privacy commissioners in action:<\/span><\/u><\/strong><\/p>\n\n\n\n<p>After initial complaints and reports, the federal privacy commissioner, and privacy commissioners of Alberta, British Columbia and Quebec launched the inquiry against Clearview.&nbsp;<\/p>\n\n\n\n<p>They wanted to examine <span style=\"color:#7b68ee\" class=\"has-inline-color\">whether Clearview follows the applicable Canadian privacy laws and whether it collects, uses and discloses personal information according to laws.<\/span>&nbsp;<\/p>\n\n\n\n<p>More specifically, privacy commissioners sought to investigate:&nbsp;<\/p>\n\n\n\n<ul><li>Whether Clearview obtains the consent of individuals before collecting, using and sharing personal information.&nbsp;<\/li><\/ul>\n\n\n\n<ul><li>Whether Clearview collects, uses and discloses personal information for an appropriate reason.&nbsp;&nbsp;<\/li><\/ul>\n\n\n\n<ul><li>Whether Clearview had reported the creation of a database of biometric characteristics.&nbsp;&nbsp;<\/li><\/ul>\n\n\n\n<p><strong><u><span style=\"color:#dd0055\" class=\"has-inline-color\">What did Clearview do wrong or unlawful?<\/span><\/u><\/strong><\/p>\n\n\n\n<ul><li>Clearview collected the personal information of the users without asking for their permission.&nbsp;<\/li><\/ul>\n\n\n\n<ul><li>Clearview collected personal information from publicly available websites. (However,&nbsp; Clearview claimed that the consent requirement does not apply to information gathered from publicly available websites. But, they were wrong. Under PIPEDA (federal law), PIPA (Alberta law), PIPA (B.C. law), Quebec\u2019s privacy law, there is no such exception.&nbsp;&nbsp;<\/li><\/ul>\n\n\n\n<ul><li>Clearview collected, used and shared the information for the wrong purpose. (It is collecting information to provide service to its customers.)<\/li><\/ul>\n\n\n\n<p><strong><u><span style=\"color:#dd0055\" class=\"has-inline-color\">Clearview in its defence:<\/span><\/u><\/strong><\/p>\n\n\n\n<p>Clearview made the following points in its defence which however were all rejected by privacy commissioners.&nbsp;<\/p>\n\n\n\n<ul><li>PIPEDA does not apply to us (Clearview), as none of our activities originally take place in Canada.&nbsp;<\/li><\/ul>\n\n\n\n<ul><li>Not many Canadians would have used our services.&nbsp;<\/li><\/ul>\n\n\n\n<ul><li>None of the provincial privacy laws applicable to us (Clearview) as we did not collect, use or disclose personal information within the provinces of Alberta, Quebec or British Columbia, but rather in the United States.&nbsp;<\/li><\/ul>\n\n\n\n<p><strong><u><span style=\"color:#dd0055\" class=\"has-inline-color\">Penalties to Clearview:<\/span><\/u><\/strong><\/p>\n\n\n\n<p>Privacy commissioners told Clearview that they could order or recommend to:&nbsp;<\/p>\n\n\n\n<ul><li><span style=\"color:#7b68ee\" class=\"has-inline-color\">Stop its service offering in Canada.<\/span><\/li><\/ul>\n\n\n\n<ul><li>Stop the collection, usage and disclosure of Canadians\u2019 personal information.&nbsp;<\/li><\/ul>\n\n\n\n<ul><li>Delete database that contains the collected information of the Canadians.&nbsp;&nbsp;<\/li><\/ul>\n\n\n\n<p><strong><u>#AnOpinion: What made Clearview the victim of Canadian data privacy laws?<\/u><\/strong>&nbsp;<\/p>\n\n\n\n<p><span style=\"color:#7b68ee\" class=\"has-inline-color\">It is clearly visible that Clearview misunderstood the privacy laws requirements. It in fact gave a cold shoulder to provincial privacy laws.&nbsp;<\/span><\/p>\n\n\n\n<h1><strong>Understand the Structure of Canadian Data Privacy Laws<\/strong><\/h1>\n\n\n\n<p>Well, it is complicated and confusing. Thus many companies can\u2019t be compliant with privacy laws even after putting in much effort.&nbsp;<\/p>\n\n\n\n<p>In Canada, there are major 5 types of privacy laws.&nbsp;<\/p>\n\n\n\n<ul><li><strong><u><span style=\"color:#dd0055\" class=\"has-inline-color\">Public sector privacy law applicable at the federal level<\/span><\/u><\/strong><\/li><\/ul>\n\n\n\n<p>The Privacy Act &#8211; is the single act that applies to all personal information collected, used and shared by the federal government of Canada and its ministries.&nbsp;<\/p>\n\n\n\n<ul><li><strong><u><span style=\"color:#dd0055\" class=\"has-inline-color\">Private sector privacy law applicable at the federal level<\/span><\/u><\/strong><\/li><\/ul>\n\n\n\n<p>PIPEDA is one such law that applies to information collected, used and shared by the private sector within Canada.&nbsp;<\/p>\n\n\n\n<ul><li><strong><u><span style=\"color:#dd0055\" class=\"has-inline-color\">Public sector privacy laws applicable at the provincial level<\/span><\/u>\u00a0<\/strong><\/li><\/ul>\n\n\n\n<p>All major provinces in Canada have their own dedicated laws that apply to the public sector within that particular province. For instance, FOIP in Alberta and FIPPA &amp; MFIPPA in Ontario.&nbsp;<\/p>\n\n\n\n<ul><li><strong><u><span style=\"color:#dd0055\" class=\"has-inline-color\">Private sector privacy laws applicable at the provincial level<\/span><\/u><\/strong><\/li><\/ul>\n\n\n\n<p>All major provinces in Canada have their own dedicated laws that apply to the private sector within that particular province. For instance, PIPA in Alberta, PIPA in B.C.&nbsp;<\/p>\n\n\n\n<p><span style=\"color:#7b68ee\" class=\"has-inline-color\">There are some provinces including Ontario that do not have dedicated private sector law. In such a province, you have to follow PIPEDA &#8211; federal level privacy law for the private sector.&nbsp;<\/span><\/p>\n\n\n\n<ul><li><strong><u><span style=\"color:#dd0055\" class=\"has-inline-color\">Industry-wise laws applicable at the provincial level<\/span><\/u><\/strong><\/li><\/ul>\n\n\n\n<p>One industry that is highly regulated in Canada is the healthcare industry. Major Canadian provinces including Alberta and Ontario have dedicated privacy laws for healthcare such as PHIPA in Ontario and HIA in Alberta.&nbsp;<\/p>\n\n\n\n<p><strong>You should also read our other useful resources:<\/strong> <\/p>\n\n\n\n<ul><li><strong><a href=\"https:\/\/www.syscreations.ca\/blog\/phipa-ontario-regulations\/\" target=\"_blank\" rel=\"noreferrer noopener\">PHIPA Ontario Regulations<\/a><\/strong><\/li><li><strong><a href=\"https:\/\/www.syscreations.ca\/blog\/healthcare-compliance-certificate\/\" target=\"_blank\" rel=\"noreferrer noopener\">Healthcare Compliance Certificate<\/a><\/strong><\/li><li><strong><a href=\"https:\/\/www.syscreations.ca\/blog\/pipeda-myths\/\" target=\"_blank\" rel=\"noreferrer noopener\">Top 10 PIPEDA Myths <\/a><\/strong><\/li><\/ul>\n\n\n\n<h2><strong>The Most Challenging Part is: Many Sub-Requirements of Each Requirement of Each Law! <\/strong>&nbsp;<strong>&nbsp;<\/strong><\/h2>\n\n\n\n<p>Yes, each privacy law includes several hundred requirements that you must adhere to.&nbsp;<\/p>\n\n\n\n<p>However, there are some requirements that size as much as another law.&nbsp;<\/p>\n\n\n\n<p>For instance, the HIA (Health Information Act) of Alberta has one requirement called <a href=\"https:\/\/www.syscreations.ca\/blog\/alberta-netcare-ehr\/\">PIA (Privacy Impact Assessment)<\/a> under its section 64.&nbsp;<\/p>\n\n\n\n<p>To be compliant with HIA, PIA is one of the requirements that you have to meet.&nbsp;<\/p>\n\n\n\n<p>But to meet the PIA requirement, you have to meet many sub-requirements of PIA.&nbsp;<\/p>\n\n\n\n<p>This makes it very challenging to address all requirements of the law and be compliant with it.&nbsp;<\/p>\n\n\n\n<p><span style=\"color:#7b68ee\" class=\"has-inline-color\">The situation gets worse when there are multiple laws applying to your organization.<\/span>&nbsp;<\/p>\n\n\n\n<h2><strong>Confused About Where to Start to Be Compliant With Privacy Laws? Follow These Simple Steps<\/strong><\/h2>\n\n\n\n<p>Before we move ahead, understand the fact that privacy laws in Canada are applicable to entire organizations including staff, business partners, apps, servers, software or any digital system.&nbsp;<\/p>\n\n\n\n<p>Thus, your compliance strategy should be based on several fronts such as internal stakeholders, external stakeholders, internal digital systems and external digital systems.<\/p>\n\n\n\n<p><span style=\"color:#7b68ee\" class=\"has-inline-color\">You can also divide the regulations of law into technical, business and operational regulations.<\/span>&nbsp;<\/p>\n\n\n\n<p>The following are important steps that will help you.&nbsp;<\/p>\n\n\n\n<ul><li><strong>Know which privacy laws apply to you.\u00a0<\/strong><\/li><\/ul>\n\n\n\n<ul><li><strong>Read and understand each and every requirement of those laws.\u00a0<\/strong><\/li><\/ul>\n\n\n\n<ul><li><strong>Prioritize requirements as not all requirements are mandatory.<\/strong>\u00a0<\/li><\/ul>\n\n\n\n<ul><li><strong>List out the steps you have to execute to address each requirement.\u00a0<\/strong><\/li><\/ul>\n\n\n\n<ul><li><strong>Document each and every step that directly influences compliance.\u00a0<\/strong><\/li><li><strong>Have a dedicated resource that only looks after the compliance readiness of your organization.\u00a0<\/strong><\/li><\/ul>\n\n\n\n<ul><li><strong>Make sure your business partners are also privacy laws compliant.\u00a0<\/strong><\/li><\/ul>\n\n\n\n<ul><li><strong>Carry out a compliance audit on a regular basis.\u00a0<\/strong><\/li><\/ul>\n\n\n\n<h2><strong>Still, Confused? Talk to Our Local Compliance Experts\u00a0<\/strong><\/h2>\n\n\n\n<p>We\u2019re an Ontario-based team of Compliance experts &#8211; working with a simple vision to let businesses focus on business &#8211; not on legal challenges.&nbsp;<\/p>\n\n\n\n<p><span style=\"color:#7b68ee\" class=\"has-inline-color\">Being a Canadian company, we know the gravity of Canadian privacy legislation for all Canadian organizations.&nbsp;<\/span><\/p>\n\n\n\n<p>We offer comprehensive compliance consulting for any federal and provincial privacy law.&nbsp;<\/p>\n\n\n\n<p>With our technical team, we even help organizations implement compliance regulations for mobile apps, software, websites and any digital system.&nbsp;<\/p>\n\n\n\n<p>We have also mastered PIA and TRA which respectively reveal privacy vulnerabilities in an organization and in the apps, software, websites.<\/p>\n\n\n\n<p><span style=\"color:#7b68ee\" class=\"has-inline-color\">Our CEO himself leads our compliance team.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"color:#7b68ee\" class=\"has-inline-color\">And thus, only our most experienced team will be working for you to solve your compliance-related challenges.<\/span><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Canada is one of the few countries across the world that consider data privacy as a serious business.&nbsp; Be it a small startup or a large corporation, federal and provincial governments never show mercy if anyone violates Canadian data privacy laws.&nbsp; There are many victims of Canadian privacy legislation who either have paid a hefty [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":26400,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[12],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v16.1.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Explained: Canadian Data Privacy Laws in Easy Terms<\/title>\n<meta name=\"description\" content=\"Clearview violated Canadian data privacy laws. Learn from its mistake and know Canadian privacy legislation structure or Canadian data privacy laws.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.syscreations.ca\/blog\/data-privacy-laws-in-canada\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Recent Victim of Canadian Privacy Laws\" \/>\n<meta property=\"og:description\" content=\"Where it made mistake and how you can avoid\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.syscreations.ca\/blog\/data-privacy-laws-in-canada\/\" \/>\n<meta property=\"og:site_name\" content=\"SyS Creations - IT Management, Compliance &amp; Consulting Company in Canada\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-04T12:28:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-05-18T06:32:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.syscreations.ca\/blog\/wp-content\/uploads\/2021\/02\/Blog-11-4-2-21.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Recent Victim of Canadian Privacy Laws\" \/>\n<meta name=\"twitter:description\" content=\"Where it made mistake and how you can avoid\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\">\n\t<meta name=\"twitter:data1\" content=\"6 minutes\">\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/#website\",\"url\":\"https:\/\/www.syscreations.ca\/blog\/\",\"name\":\"SyS Creations - IT Management, Compliance &amp; Consulting Company in Canada\",\"description\":\"SyS Creations - IT Management, Compliance &amp; Consulting Company in Canada\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/www.syscreations.ca\/blog\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/data-privacy-laws-in-canada\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.syscreations.ca\/blog\/wp-content\/uploads\/2021\/02\/Blog-11-4-2-21.jpg\",\"contentUrl\":\"https:\/\/www.syscreations.ca\/blog\/wp-content\/uploads\/2021\/02\/Blog-11-4-2-21.jpg\",\"width\":1280,\"height\":720,\"caption\":\"Clearview Violated Canadian Data Privacy Laws - Learning for All Canadian Organizations\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/data-privacy-laws-in-canada\/#webpage\",\"url\":\"https:\/\/www.syscreations.ca\/blog\/data-privacy-laws-in-canada\/\",\"name\":\"Explained: Canadian Data Privacy Laws in Easy Terms\",\"isPartOf\":{\"@id\":\"https:\/\/www.syscreations.ca\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.syscreations.ca\/blog\/data-privacy-laws-in-canada\/#primaryimage\"},\"datePublished\":\"2021-02-04T12:28:54+00:00\",\"dateModified\":\"2021-05-18T06:32:01+00:00\",\"author\":{\"@id\":\"https:\/\/www.syscreations.ca\/blog\/#\/schema\/person\/c09c2823449c6b5e7b11fd98b3897f9a\"},\"description\":\"Clearview violated Canadian data privacy laws. Learn from its mistake and know Canadian privacy legislation structure or Canadian data privacy laws.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.syscreations.ca\/blog\/data-privacy-laws-in-canada\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.syscreations.ca\/blog\/data-privacy-laws-in-canada\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/data-privacy-laws-in-canada\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/\",\"url\":\"https:\/\/www.syscreations.ca\/blog\/\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"position\":2,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/data-privacy-laws-in-canada\/\",\"url\":\"https:\/\/www.syscreations.ca\/blog\/data-privacy-laws-in-canada\/\",\"name\":\"Explained: Canadian Data Privacy Laws in Easy Terms\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/#\/schema\/person\/c09c2823449c6b5e7b11fd98b3897f9a\",\"name\":\"Parth Patel\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e69b7008ca1aaee24496ae0be968f8af?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e69b7008ca1aaee24496ae0be968f8af?s=96&d=mm&r=g\",\"caption\":\"Parth Patel\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/posts\/26396"}],"collection":[{"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/comments?post=26396"}],"version-history":[{"count":6,"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/posts\/26396\/revisions"}],"predecessor-version":[{"id":27285,"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/posts\/26396\/revisions\/27285"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/media\/26400"}],"wp:attachment":[{"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/media?parent=26396"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/categories?post=26396"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/tags?post=26396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}