Skip to the main content.

2 min read

The Death of Bill C-11 and PIPEDA Self Assessments

The Death of Bill C-11 and PIPEDA Self Assessments

Canadian legislators introduced Bill C-11 in 2020, also known as the Digital Charter Implementation Act, 2020, which would have repealed parts of the Personal Information Protection and Electronic Documents Act (PIPEDA) and established a new legislative framework regulating the collection, use, and disclosure of personal information for commercial activity in Canada. However, we have recently seen Bill C-11 die, and thus be retracted from parliament. There is no indication of whether the Bill will be introduced or if future initiatives will carry similar provisions. This means that PIPEDA will continue as the primary federal private sector data protection law for the foreseeable future, until there is a more concrete plan put in place. Whilst PIPEDA provisions are in place to regulate organizations in most provinces, schools may still want to implement more stringent measures to ensure that they are protecting the personal and sensitive information of their data subjects to the best of their abilities.

 

Data protection compliance should always run on a framework, there should be a solid structure behind the way that your school protects the personal and sensitive information of students, parents and staff members. A privacy compliance program is the framework that helps you adequately protect the personal information of the members of the school community.

 

For all of the latest privacy and cyber trends, download our Education Privacy and Technology Magazine!

         

 

OPC’s assessment tool

 

The Office of the Privacy Commissioner of Canada (OPC) has created a PIPEDA self assessment tool to help organizations develop and maintain a comprehensive privacy program. The tool helps you identify gaps through a benchmarking process so that you can clearly see what needs to be done to ensure compliance with PIPEDA.


The PIPEDA self assessment tool includes a Compliance Assessment Guide which lays out key principles of PIPEDA and how to ensure that your school implements the correct activity to abide by them. These include:

  • Accountability
  • Identifying purposes
  • Consent
  • Limiting Collection
  • Limiting Use, Disclosure, and Retention
  • Accuracy
  • Safeguards
  • Openness
  • Individual Access
  • Challenging Compliance

For instance, the Accountability Principle makes organisations responsible for the personal information under their control, and requires them to designate at least one individual who is accountable for protecting all personal information in the organization’s possession or custody, even after being transferred to a third party for processing.


Schools can find OPC’ self assessment tool here.

 

The Canada Handbook

 

The Canada Handbook is an informational resource that outlines the foundations of the current PIPEDA regulations and the requirements for schools under these regulations. The Handbook includes:

  • A timeline of Selected Privacy Laws in Canada
  • An overview of Selected Privacy Laws in Canada
  • Regulatory Guidance
  • Notes on the PIPEDA and Commercial Activities
  • Extraterritorial Scope of Certain International Laws 
  • Importance of Crafting a Principles-Based Approach to Data Protection Compliance 
  • Information & Cyber Security
  • Operationalizing Data Protection with 9ine
  • Overview of Omnibus Data Protection Laws Plus Bill C-11

By utilising the Handbook, your school will be better equipped when it comes to implementing a privacy management program.

 

9ine Training

 

Through our experience, 9ine has found that there is a lack of formal, structured training for school IT professionals. That is why we created the 9ine Technical Academy which focuses on security hardening, reducing vulnerabilities in school systems. This training program will provide instructional, methodical, and applicable training on how IT teams can improve cyber security and IT systems operational performance at their school.

Alongside the 9ine Technical Academy, there is also the 9ine Privacy Academy. A series of training sessions in which 9ine data privacy experts will give members of your staff, applicable resources and information to advance your privacy compliance program. Each course workshop will feature examples and case studies using the 9ine App as a resource. In attending the 9ine Privacy Academy, your school will be well equipped to advance your privacy compliance program.

 

 

The 9ine App implements a successful and effective data privacy framework into the school PMP in a natural way. Through the use of risk assessments and documentation, schools are given everything they need to ensure that they can evidence compliance now, and when new provisions are implemented by the UK government. By using the App, schools will be better prepared to demonstrate compliance efforts.

 

 

To learn more about how 9ine is helping schools in Canada, talk to one of our expert consultants.

 

Japan's Privacy Laws and 9ine's Japan Handbook

Japan's Privacy Laws and 9ine's Japan Handbook

During 2020, Japan’s Act on the Protection of Personal Information (“APPI”) underwent amendments resulting in the expansion of data protection...

Read More
What Schools In China Can Do in Light of The New PIPL

What Schools In China Can Do in Light of The New PIPL

On August 20th, the National People’s Congress of China enacted the Personal Information Protection Law (PIPL), which will become effective on...

Read More
Tackling Subject Access Requests

Tackling Subject Access Requests

Subject Access Requests (“SARs”) intertwine with a data subject's right to access and receive a copy of their personal data, and other supplementary...

Read More