Canada
The CCSPA would grant regulators broad authority to verify compliance. Its enforcement framework would include both administrative and criminal measures. Administrative penalties could involve monetary fines, compliance agreements and personal liability for directors and officers, while criminal offences could lead to substantial fines or imprisonment for up to five years for serious violations.

Scope of Application

2.1. Legislative Scope

PIPEDA applies to organizations that collect, use, or disclose personal information in the course of commercial activities, unless the organization is exempted. PIPEDA defines commercial activity as any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering, or leasing of donor, membership, or other fundraising lists.

PIPEDA also applies to federal works, undertakings, or businesses (FWUBs), such as airports, airlines, banks, inter-provincial and international transportation companies, telecommunications companies, and radio and television broadcasters. PIPEDA's coverage here extends to personal information about FWUBs' employees and applicants for employment (notably, such coverage does not extend to employees of organizations that are not FWUBs).

PIPEDA does not apply to charities and non-profit organizations, as long as they do not engage in commercial activities. Finally, PIPEDA lists in Schedule 4 the organizations to which it specifically applies; only the World Anti-Doping Agency is listed.

2.1.1. Definition of personal information

Personal information is defined as information about an identifiable individual. PIPEDA does not define "individual", but the OPC has indicated that "individual" means a natural person. Personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information collected in any form (e.g., in electronic or other formats).

2.1.2. Different categories and types of personal data

Sensitive information is not defined in PIPEDA. However, sensitivity is tied to consent and safeguarding principles, and is a factor in determining whether a data breach creates a real risk of significant harm.
https://www.foglers.com/