Link to article: https://iapp.org/news/a/canada-introduces-new-federal-privacy-law/

Attached: Summary of bill by Shaun Brown, nNovation

Key points (provided by Dennis Dayman):

       • Change in consent requirements - implied consent to collect, use and disclose personal information which be far more limited to specific circumstances (this one will have facebook and Google quite upset). For the most part, the new regime will require express consent.
       • An important caveat for us in this change is that transfer to third party processors of PII does not require consent.
       • There are new provisions for ensuring adequate security safeguards. These provisions are intentionally vague and leave it to organizations to determine the appropriateness of technology and protocols. the important point is the enforcement provisions and fine structure for failure to adequately safeguard.
       • New enforcement powers for the Privacy Commissioner include compliance orders, preservation orders, investigation orders and referral orders to a new Tribunal to be established under the Act.
       • Data mobility - consumers will have a right to demand PII be transferred a competing company.
       • Right to erasure - consumers will have a right (with certain exceptions) to demand their PII be expunged from or corrected in organization's data bases.