Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Media
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Nonprofit Organizations
    • Real Estate
    • Sports & Stadiums
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Videos
    4. Data protection laws in Canada

      Videos

    Data protection laws in Canada

    Jan 22, 2024

    LinkedInX (Twitter)EmailCopy URL

    By Jenny Holmes and Jason Kravitz

    Learn about the evolution of the Canadian data privacy landscape, from PIPEDA to CPPA, with guest Jade Buchanan, a technology and privacy attorney based in Vancouver. 

    Jade Buchanan, a technology and privacy partner with McCarthy Tétrault in Vancouver, has worked on some of the largest data breaches in Canadian history, which have involved ransomware and other types of data-breach attacks. He also has extensive experience with complex data-sharing agreements, regulatory compliance, and responding to inquiries from privacy commissioners.

    On this episode of A Little Privacy, Please!®, Jade walks us through the evolution of the Canadian data privacy landscape, from PIPEDA to CPPA.

    Watch this episode of A Little Privacy, Please!

    Can you talk to us about PIPEDA and what that law entails?

    It’s on its way out—we’re going to lose the entire “PIPE.” PIPEDA passed as the Personal Information Protection and Electronic Documents Act, so why privacy and electronic documents go together was just an issue of convenience at the time. The little “EDA” is going to end up on its own as the Electronic Documents Act, and we’re going to have brand new privacy legislation in Canada called the Consumer Privacy Protection Act (CPPA).

    Right now, it’s a fairly old piece of legislation and sometimes critiqued as not being modern. The new legislation currently before our Parliament is modernizing in that it addresses a few things like artificial intelligence, but more so than that, it introduces the possibility of significant fines. To date, we have a name-and-shame regime with the corresponding risk of class actions for invasion of privacy and negligence. Its primary enforcement has been through the privacy commissioner investigating and identifying conduct the office sees as offside.

    Is Canadian privacy law heading toward GDPR (General Data Protection Regulation)?

    In the big headline-grabbing ways, yeah.

    We’ve got PIPEDA, soon to be the CPPA; CPPA will have fines of up to 5% of local revenue. That’s 1% higher than the GDPR, which means it’s a stronger privacy law by a full percentage point.

    We also have legislation in the Province of Quebec that now does have significant fines and was very much inspired by the GDPR.

    Where we haven’t gone in the full direction of GDPR is in some of the more bureaucratic requirements. For example, we don’t have anything comparable to the requirements for a full data protection addendum. You’re required to protect personal information, including your contracts, and that’s interpreted as requiring certain clauses to be in a contract. The Quebec legislation lists a few things that need to be there, but it’s not as comprehensive. Some of the other more nity-gritty obligations in GDPR just aren’t there in Canada, which is aligned with how Canadians operate. We will comply with the law, but we’re not going to do a bunch of paperwork to do it.

    Is there anything else we should watch out for in the Canadian data privacy landscape?

    There are two things, actually.

    First, the CPPA is going to have fining power. It will also have settlement agreements where the privacy commissioner can enter into agreements with organizations the office thinks have not complied with the legislation. The government proposed a recent amendment to clarify that there can be a payment involved in that. That was interesting to me.

    The second item is CASL (Canada’s anti-spam legislation). It applies to email or text message marketing and any commercial-electronic messaging. Under that legislation, fines can be up to 25 million Canadian dollars. Most enforcement has the regulator entering into compliance agreements with a payment and a compliance program where an organization will fix its policies and procedures and agree to a certain amount of oversight.

    Now, you can see the settlement amount I mentioned in privacy compliance. Once you’re investigated by the privacy commissioner for a breach, there’s a good chance they’re going to expect a monetary payment if they consider your conduct meriting it.

    Is there non-compliance? Is there a risk that an organization has non-complied? Is there a legitimate concern? Let’s fix it, and let’s try and keep payment minimized.

    A Little Privacy, Please!

    Practices

    Cybersecurity & Privacy

    Insights And Happenings

    • Video

      Improving Cybersecurity for Small and Medium-Sized Businesses

      Cybersecurity & Privacy
      June 26, 2024
    • Video

      Cybersecurity risk and public finance credit ratings

      Cybersecurity & Privacy
      April 22, 2024
    • Video

      What’s driving the increase in CIPA class action litigation?

      Cybersecurity & Privacy
      March 20, 2024
    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Cookie Preferences
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Purchase Order Terms & Conditions
    • Nixon Peabody International LLC
    • PAL
    © 2025 Nixon Peabody. All rights reserved