Table of Contents Table of Contents
Previous Page  13 / 59 Next Page
Show Menu
Previous Page 13 / 59 Next Page
Page Background

Message from the Commissioner

The Supreme Court of Canada’s decision in

R. v. Spencer

was an important step forward

in this discussion. In its unanimous decision,

the Court held that there is a reasonable

expectation of privacy in telecom subscriber

information that can reveal Internet usage

and that, absent exigent circumstances or a

reasonable law, law enforcement officials need

prior judicial authorization to obtain such data.

Left unanswered however, was the question of

the circumstances in which organizations may

voluntarily disclose other types of information

in response to police and government

requests. Consequently, in November 2014,

I called on Parliament to provide guidance

for organizations and Canadians to better

understand when their personal information

may be disclosed to public authorities without

consent or judicial authorization.

In the wake of the Supreme Court’s decision

in Spencer and in light of Canadians’

concerns regarding warrantless access requests,

we welcome the publication of company

transparency reports and applaud those who

are changing their policies following the ruling.

We are also working with service providers

and encouraging them to be more transparent

about how often and in what circumstances

they respond to authorities’ requests for

personal information.

Transparency of this kind is central to privacy

protection. It informs individuals about

how their personal information will be used,

supports their decision making and creates

opportunities for companies to earn and

maintain consumer trust.



More than a decade ago, PIPEDA was

enacted to build trust in the digital economy.

Data breaches pose a threat to Canadians’

confidence. Thus, we welcome the proposed

amendment to PIPEDA in Bill S-4, the

Digital Privacy Act

, which seeks to implement

mandatory breach notification. By obliging

organizations to inform us of material

breaches, we, in turn, will be able to work

with companies—helping them to respond

appropriately and to put practices in place

to prevent future incidents. Mandatory

notification will also provide a clearer picture

of the frequency and type of data breaches

experienced by organizations.

Mandatory notification would better inform

Canadians of situations in which their personal

information has been compromised. It would

also enable Canada to keep pace with other

jurisdictions where similar measures have been

enacted or are being considered.