Mirai Security | Cyber Security Blog

Consumer Privacy Protection Act — Mirai Security | Cyber Security

Written by Alex Dow | Nov 24, 2020

Canada’s Minister of Innovation, Science and Industry Navdeep Bains announces GDPR-inspired privacy law to modernize protection of consumer PII collected by private sector businesses

On November 17th 2020, Canada’s long-rumored data privacy upgrade arrived in the form of Bill C-11, otherwise known as the Digital Charter Implementation Act, 2020. While still in its proposal phase, the government proposed bill aims to improve visibility and consumer control over how businesses in the private sector collect and handle consumer personally identifiable information. To do so, the bill aims to enact the following statutes:

Consumer Privacy Protection Act (CPPA): A modern approach to data privacy that combines the principles found within Canada’s Digital Charter, as well as long-proposed changes to Canada’s decades-old Personal Information Protection and Electronic Documents Act (PIPEDA).

Personal Information Data Protection Tribunal Act: Establishes a Personal Information and Data Protection Tribunal, a group of three to six government-appointed officials (at least one of whom must have a formal background in information and privacy law) who have the power to impose stiff monetary penalties upon privacy infringing organizations.


WHAT IS THE CONSUMER PRIVACY PROTECTION ACT (CPPA)?

While PIPEDA is not going away (its name being shortened to the Electronic Documents Act, as per Bill C-11), the CPPA will become the new legal go-to for ensuring that your personal information is collected, protected, and used appropriately by private businesses.

The CPPA aims to ensure that:

  • Businesses receive consumer consent prior to collection and use of personal information

  • Collection of personal information is restricted to its intended use

  • Consumers maintain ownership of personal information collected by businesses

  • Consumers may request access to collected personal information

  • Consumers may modify/update collected personal information

  • Consumers may request the destruction of collected personal information