With the ever-increasing role of technology, legislation requires updating in order to maintain high standards for privacy protection. Recently, the federal government updated the Personal Information Protection and Electronic Documents Act, known by most as “PIPEDA”, particularly relating to obligations to report the loss of, or unauthorized access to or disclosure of, personal information—commonly known as a privacy breach.
Privacy in Alberta is protected under the Personal Information Protection Act (PIPA). It governs the collection, use, and disclosure of personal information. It upholds the balance between individuals’ rights to have their personal information protected, and the need of some organizations to collect, use, or disclose personal information for reasonable purposes. While PIPEDA recently changed to include when privacy breaches are to be reported, the obligations under PIPA to report privacy breaches have existed for several years.
CPA Alberta reminds registrants what to do in case a privacy breach comes up in their practice. In August 2018, the Office of the Information and Privacy Commissioner of Alberta published the following Practice Note:
Alberta CPAs are urged to review the Practice Note, as it contains information about reporting a privacy breach to the Privacy Commissioner, including answering such questions as:
- What is a privacy breach?
- Who is responsible for reporting a breach to the Commissioner?
- When does a breach need to be reported to the Commissioner?
- What information must be included in a report to the Commissioner?
- What are the penalties for a breach?