Don’t Risk Millions of Dollars in Fines by Disregarding Canada’s New Consumer Privacy Protection Act
What you need to know and do to ensure you’re prepared for compliance with Canada’s new Privacy Regulations in the new Consumer Privacy Protection Act.
The new Canadian Consumer Privacy Protection Act regulations governing the use of consumer’s Personal Information (PI) needn’t be burdensome. In fact, they can help protect your organization, reduce operating expenses, and identify opportunities for better governance that ensure you avoid fines, litigation exposure, and foster trust that enhances customer experiences.
On November 17, 2020, the Canadian Digital Charter Implementation Act was introduced, consisting of two parts. One enacts the new Consumer Privacy Protection Act (CPPA), and the second enacts legislation to establish a Personal Information and Data Protection Tribunal. This legislation protects consumers and redefines obligations and expectations for organizations that manage many consumers’ PI.
The legislation would provide for administrative monetary penalties of up to 3% of global revenue or $10 million for non-compliant organizations. Serious contraventions are subject to a maximum fine of 5% of global revenue or $25 million.
In addition to oversight directed by the Office of the Privacy Commissioner of Canada, companies such as telecoms may also be subject to privacy rules mandated by provincial regulations as well as the Internet Code and the Wireless Code issued by the Canadian Radio-television and Telecommunications Commission (CRTC).
Compliance & Privacy Partners helps Canadian companies like yours comply with these regulations by:
- Knowing your data Compliance starts with understanding what data you retain and what you do with it. We help organizations efficiently complete their data mapping exercises to visually understand what personal information is collected, how it’s stored, how it’s accessed, and to whom it’s made accessible or shared.
- Responding to consumer requests We help you set up consumer-facing and backend systems to allow, verify and process data subject requests to access, delete, or correct info and help a consumer opt-out of the sale of their information.
- Updating policies and procedures Privacy policies must be updated regularly. We make sure your data collection forms and disclosures accurately describe your data collection processes and comply with the regulations. We help you to use plain language and alert customers of any updates.
- Working with your data processing vendors Ensuring vendors and business partners are working towards compliance is critical. We help you identify and update vendor contracts and responsibilities and limit your organization’s exposure in the event of non-compliance.
- Providing education and training We help you train consumer-facing staff so they are prepared to inform customers about how the company is complying with regulations like the CCPA and in processing requests. Compliance, legal, IT, operations, and marketing teams should all be aware of how compliance with privacy law works around the organization.
- Monitoring and compliance Establishing governance with clearly defined roles and responsibilities within your organizations is key to sustaining compliance. We help organizations like yours formalize their compliance programs and perform privacy impact assessments.
Take charge of your information governance challenges by contacting us today for a free consultation about your obligations under privacy regulations such as PIPEDA and the CPPA.