March 6, 2018
Patricia Kosseim, counsel in Osler’s Privacy and Data Management Group, tells Canadian Lawyer that recommendations by a Parliamentary committee to update the Personal Information Protection and Electronic Documents Act (PIPEDA) likely have to do with the Canadian government wanting to keep in line with European privacy requirements. In her article, author Jennifer Brown examines recommended changes to Canadian privacy laws made in a February 28 report by the federal Standing Committee on Access to Information, Privacy and Ethics. Patricia, who co-leads Osler’s AccessPrivacy platform, explains.
“A lot of the impetus for that is coming from across the ocean in the form of GDPR regulations,” Patricia tells Canadian Lawyer. “That is certainly setting the pace and parliamentarians are very keen to make sure Canada doesn’t fall behind.”
The article outlines how the committee made 19 recommendations to update PIPEDA and provide the privacy commissioner with greater enforcement powers. Patricia, who previously served as Senior General Counsel and Director General at the Office of the Privacy Commissioner of Canada, says the evolving privacy landscape will continue to be a “major preoccupation” for many organizations.
“I think some of the big privacy challenges that are concerning to many general counsel and private sector organizations is the fast and inevitable changes to the legislative landscape,” Patricia tells Canadian Lawyer. “Canada will be hard placed to align itself with the new GDPR regulations that are due to be fully implemented this May.
“Organizations are going to have to stand ready to implement whatever this new generation of privacy laws may usher in, on the one hand, but they also have a wonderful opportunity to help shape that policy agenda with input in the legislative and regulatory process and they will need to supplement that framework with practical operational solutions as well.”
Patricia also discusses the issue of cybersecurity and says that cyber-threats can be an “unwitting factor and reason” for non-compliance, despite the best efforts of many.
“Breach is not synonymous with compliance, but certainly cybersecurity makes it challenging for everybody,” Patricia tells Canadian Lawyer.
“We’re just dealing with really complex issues and nobody has answers to those and they have everybody stumped in terms of trying to resolve and find paths forward to take advantage of the great potential and promise of data while respecting people’s privacy, and I think that’s the challenge for everybody in the next couple of years if not the short- or medium-term horizon.”
For more information, read Jennifer Brown’s article “Proposed changes to Canadian privacy laws influenced by changes coming from EU” in Canadian Lawyer.