Most organizations in the Digital Age find themselves the custodians of an increasing amount of personal information and/or personal health information. At the same time, privacy breaches are on the rise, and there is a growing number of potential plaintiffs seeking to recoup damages through what is an evolving area of tort law. Not surprisingly, therefore, privacy has become a hot topic on many organizations’ risk management agendas.

A recent investigation report issued by the Saskatchewan Information and Privacy Commissioner draws attention again to the sloppy use of terminology in health organization policies and procedures. The Investigation Report 269-2016 & 303-2016 underscores a recommendation made by that oversight office in an earlier report relating to reliance on the non-statutory term “circle-of care” when discussing the collection, use and disclosure of personal health information.

Staff from the British Columbia Securities Commission, the Ontario Securities Commission, and the Autorité des marchés financiers recently reviewed disclosure documents provided by 240 issuers of the S&P/TSX Composite Index.

On Dec. 9, 2016, the Ontario Superior Court of Justice released Patel v. Sheth, the latest in a series of cases sprouting from the 2012 recognition of a tort of intrusion upon seclusion in Jones v. Tsige.

Trent Skanes provides a recap of the he 2016 Access to Information and Privacy Law Symposium, held in Ottawa in October.

It has long been apparent that, given the ease with which data moves over borders, privacy enforcement must contemplate enforcement action that goes beyond any single state’s borders. The office of the Privacy Commissioner of Canada has been an effective leader in promoting greater international cooperation.

Some of the largest figures in the sharing economy, such as Uber and Airbnb, have been in existence for close to a decade. Governments have been slow to regulate these industries, particularly with regard to privacy and data protection.

The first compliance and enforcement decision under Canada’s Anti-Spam Law was issued on October 27, 2016 by the Canadian Radio-television and Telecommunications Commission against Blackstone Learning Corp.

Class actions are emerging as a potential venue for litigants to seek compensation for privacy breaches. The recent approval of a class action settlement in Lozanski v The Home Depot, Inc. by the Ontario Superior Court of Justice is notable as one of the few privacy breach class action settlements in Canada.

In-house counsel together pose the question “is PIPEDA up to the challenge?” And, collectively, the authors of this article answer “yes.” Canada’s privacy legislation has strong bones and is able to grow with and adapt to changes in the way personal information is collected and used.