In a recent pursuit to modernize the nation’s data privacy laws, the Government of Canada announced that they would be reviewing the Privacy Act, which applies to federal government and federal public-sector institutions. Originally established in 1983, lawmakers agree that the act is due for an update. Below, we take a closer look into the motivation behind the change, and how public sector organizations can prepare.
Why a Privacy Act Update is in Order
In the early 1980s, when the Privacy Act was enacted, most Canadians’ personal information was stored on paper. With technological advancements, electronic documentation has since become the preferred method for federal institutions to collect and store data. The public’s expectation is that this information will continue to be handled responsibly, but regulations must be put in place to ensure that modern privacy considerations are covered by legislation.
To that end, In 2016, the House of Commons Standing Committee on Access to Information, Privacy, and Ethics Committee studied the protection of personal data held by the federal government and federal public sector institutions. Based on their findings as well as public opinion research, they created a list of recommendations for updating the act. Within them, the Committee advised instituting policies for proper disclosures to the public regarding data collection and management practices, as well as safeguards to prevent sensitive data from leaking.
In addition, joining other nations that have paved the way for data security will be even easier for Canada now that there is a template to follow. According to the United Nations Conference on Trade and Development, 128 out of 194 nations have legislation to protect data and privacy. One source of inspiration for the act’s new draft will be the General Data Protection Regulation (GDPR), the world’s toughest privacy and security law, passed by the European Union in 2018.
How the Privacy Act May Change
Currently, there is no formal consensus on how the Privacy Act will be updated. In 2021, the Government of Canada opened anonline public consultation period, which has since ended. While it will likely take some time for decision makers to sift through the public’s feedback and agree on new legislation, the government has outlined their overarching goals for the update. Some of the most noteworthy objectives include:
- Technological neutrality: The government would aim to develop individualized, contextually sensitive approaches to accommodate the broadest possible range of technologies.
- Effective support and oversight: The Privacy Commissioner of Canada would offer resources and proactive education to help organizations achieve and maintain compliance.
- Drawing from other legal regimes: The government would look to other data protection laws, including the GDPR, to develop a sound and modernized data protection network.
- A privacy-focused approach: The updated act would emphasize the importance of starting any new technological project with data privacy at the forefront.
- Digital transformation: A new act would also encourage government digital transformation that would offer digitally enabled services and results.
What it Means for Public Sector Organizations
While we have yet to see the significance of an updated Privacy Act, we can assume based on other privacy laws that public sector institutions will need to make some changes. Specifically, organizations will likely have to establish protocols for handling citizens’ data more securely, including how it’s collected, disclosed, used, stored, and protected. In addition, protocols may include a comprehensive IT asset disposition (ITAD) strategy to ensure data is destroyed in a way that mitigates the risk of leaks.
As a NAID AAA certified company, Quantum adheres to rigorous requirements for secure data destruction. Find out more about how we can manage data destruction for public sector organizations here.