Annual Report to Parliament 2014 – Report on the
Personal Information Protection and Electronic Documents Act
In addition, requiring organizations to keep
and maintain a record of breaches, and provide
us with such information upon request would
be an important accountability mechanism.
Our Office would be able to evaluate
compliance with the notification provisions
and assess how organizations are deciding
whether to issue notifications.
We also look forward to the introduction
of voluntary compliance agreements under
PIPEDA. This is a tool our Office had
requested as a means to help ensure that,
after we close an investigation, the company
honours its commitments to improve privacy
While we have some concerns with some other
provisions in this Bill (see page 27), voluntary
compliance agreements and mandatory breach
reporting are positive steps forward for privacy
protection in Canada. In the interim, we
have taken steps to expand our capacity for
responding to breaches (see page 18).
THE WAY FORWARD
Looking ahead, I see one of the main
challenges of my mandate as ensuring that the
Office continues to ensure it is keeping pace
with the new realities of the privacy landscape.
Early in my mandate, I announced plans to
engage with stakeholders across the country to
help inform the selection of privacy priorities
for the next five years. The aim was to establish
priorities that will help focus our efforts
and guide discretionary resource allocation
decisions in order to increase our chances of
making a real difference.
At the time of this report’s writing, our Office
had met with stakeholders from business,
government, consumer advocacy groups, civil
society and academia to hear their views on the
strategic areas that pose the greatest threat to
Canadians’ privacy, and the areas in which the
OPC could have the greatest positive impact.
We had also conducted focus groups with
members of the general public to gain a deeper
understanding of their privacy concerns and