The Death of Bill C-11 and PIPEDA Self Assessments
By Caleb Johnson - October 6, 2021
Canadian legislators introduced Bill C-11 in 2020, also known as the Digital Charter Implementation Act, 2020, which would have repealed parts of the Personal Information Protection and Electronic Documents Act (PIPEDA) and established a new legislative framework regulating the collection, use, and disclosure of personal information for commercial activity in Canada. However, we have recently seen Bill C-11 die, and thus be retracted from parliament. There is no indication of whether the Bill will be introduced or if future initiatives will carry similar provisions. This means that PIPEDA will continue as the primary federal private sector data protection law for the foreseeable future, until there is a more concrete plan put in place. Whilst PIPEDA provisions are in place to regulate organizations in most provinces, schools may still want to implement more stringent measures to ensure that they are protecting the personal and sensitive information of their data subjects to the best of their abilities.
Data protection compliance should always run on a framework, there should be a solid structure behind the way that your school protects the personal and sensitive information of students, parents and staff members. A privacy compliance program is the framework that helps you adequately protect the personal information of the members of the school community.
For all of the latest privacy and cyber trends, download our Education Privacy and Technology Magazine!
OPC’s assessment tool
The Office of the Privacy Commissioner of Canada (OPC) has created a PIPEDA self assessment tool to help organizations develop and maintain a comprehensive privacy program. The tool helps you identify gaps through a benchmarking process so that you can clearly see what needs to be done to ensure compliance with PIPEDA.
The PIPEDA self assessment tool includes a Compliance Assessment Guide which lays out key principles of PIPEDA and how to ensure that your school implements the correct activity to abide by them. These include:
Limiting Use, Disclosure, and Retention
For instance, the Accountability Principle makes organisations responsible for the personal information under their control, and requires them to designate at least one individual who is accountable for protecting all personal information in the organization’s possession or custody, even after being transferred to a third party for processing.
The Canada Handbook is an informational resource that outlines the foundations of the current PIPEDA regulations and the requirements for schools under these regulations. The Handbook includes:
A timeline of Selected Privacy Laws in Canada
An overview of Selected Privacy Laws in Canada
Notes on the PIPEDA and Commercial Activities
Extraterritorial Scope of Certain International Laws
Importance of Crafting a Principles-Based Approach to Data Protection Compliance
Information & Cyber Security
Operationalizing Data Protection with 9ine
Overview of Omnibus Data Protection Laws Plus Bill C-11
By utilising the Handbook, your school will be better equipped when it comes to implementing a privacy management program.
Through our experience, 9ine has found that there is a lack of formal, structured training for school IT professionals. That is why we created the 9ine Technical Academy which focuses on security hardening, reducing vulnerabilities in school systems. This training program will provide instructional, methodical, and applicable training on how IT teams can improve cyber security and IT systems operational performance at their school.
Alongside the 9ine Technical Academy, there is also the 9ine Privacy Academy. A series of training sessions in which 9ine data privacy experts will give members of your staff, applicable resources and information to advance your privacy compliance program. Each course workshop will feature examples and case studies using the 9ine App as a resource. In attending the 9ine Privacy Academy, your school will be well equipped to advance your privacy compliance program.
The 9ine App implements a successful and effective data privacy framework into the school PMP in a natural way. Through the use of risk assessments and documentation, schools are given everything they need to ensure that they can evidence compliance now, and when new provisions are implemented by the UK government. By using the App, schools will be better prepared to demonstrate compliance efforts.
To learn more about how 9ine is helping schools in Canada, talk to one of our expert consultants.
Let’s Stay in Touch
Subscribe to our newsletter to receive product announcements & other updates.