Skip To Content

Exploring the Compliance Cost and Impact of Canadian Federal and Provincial Privacy Legislative Reform

Author(s): Adam Kardash

Sep 29, 2021

Surveys by PwC have found that most companies anticipate increased operational and compliance costs from privacy legislation reform, specifically Québec’s Bill 64 and upcoming federal legislation. At Osler’s September 2021 monthly privacy call,  Adam Kardash, Partner, Privacy and Data Management, facilitated a discussion of results from two PwC surveys, specifically considering the anticipated impact of, and companies’ organizational readiness to address, these new statutory regimes. He discussed the survey results with Jordan Prokopy, Partner and Privacy Leader, PwC.

One survey, focused on the proposed federal Bill C-11, was distributed to 100 senior Canadian decision makers responsible for privacy and data issues. A second survey relating to Bill 64 was sent to 75 senior decision makers. The respondents in both cases were primarily leaders in such sectors as consumer business, technology, telecommunications, and banking.

Québec’s Bill 64, which received royal assent in September, significantly amends the province’s privacy statutory regime, including introducing severe monetary penalties and a security incident reporting requirement. The amendments will come into force over three years. Survey respondents said they expected their teams to double in size in anticipation of increased compliance measures. Approximately 40% of the companies surveyed indicated that they did not understand the full range of the impacts Bill 64 would have on their activities. This was particularly true for small- to medium-sized businesses. Only 35% of businesses expected to be fully ready to comply.

With regards to Bill C-11, the majority of survey respondents reported being aware of the proposed legislation. Approximately 21% indicated compliance measures would cost their organizations more than $10 million, and nearly 40% anticipated adding more than 10 employees. Roughly 80% expected data deletion to have the biggest operational impact on their organizations.

For most organizations, preparing for privacy legislative reform will require compiling a data inventory, along with developing policies to address some of the new compliance requirements. With provinces other than Québec expected to introduce new privacy legislation or amend existing laws in the near future, companies can expect increased costs when dealing with multiple regulatory authorities. A skills shortage will further pose challenges in finding the best qualified personnel to fill new roles designed to discharge compliance obligations.

Watch the Webinar on Demand