What do blueberry pancakes and data privacy have in common? While not many things may come to mind, their commonality is that they share the same day of celebration, namely January 28. More specifically, January 28 is Data Privacy Day as well as National Blueberry Pancake Day.
A day marked for honouring blueberry pancakes makes for a delicious way to spend your time; however, a day reflecting upon the importance of data privacy and the current infrastructure in place in Canada to help protect your privacy cannot be understated.
What is Data Privacy Day?
So what is Data Privacy Day? It is a day meant to commemorate the signing of Convention 108 on January 28, 1981. Convention 108 was the first legally binding international treaty with respect to the protection of privacy and data.
What is the Importance of Data Privacy?
So why is data privacy so important?
For an individual, data can include some of the individual’s most sensitive information, such as medical, financial, employment, and academic information as well as personal communications with others. This is why the Court is often asked to consider section 7 (the right to life, liberty, and security of the person) and section 8 (the right to be secure against unreasonable search and seizure) of the Charter in assessing whether there has been an unreasonable invasion of the individual’s privacy in the collection, use or disclosure of the individual’s data.
For a business, data is an extremely valuable asset. The collection and use of personal data can allow for significant economic opportunity. Data can help equip a business to provide a better customer experience, it can provide a business with the opportunity to refine and target its marketing efforts, and it can be a direct source of revenue if sold to third parties. However, the collection and use of personal data can also lead to legal exposure, penalties, and fines if the custodian is not in adherence with privacy laws. Accordingly, businesses must be vigilant in ensuring that they have effective data privacy policies and data security in place. This includes creating operating procedures, educating employees, and implementing control measures (e.g., performing audits). As the demand for data grows, so too will the responsibilities custodians must fulfill in order to comply with ever-evolving privacy laws.
Given its importance, Canada has implemented its own laws to help safeguard privacy. For example, the Canadian Charter of Rights and Freedoms, the Privacy Act, the Personal Information Protection and Electronic Documents Act (PIPEDA), and provincial legislation such as the Freedom of Information and Protection of Privacy Act (FIPPA), the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), and the Personal Health Information Protection Act (PHIPA), all work together, to help protect the privacy of data held by public or private institutions. However, the importance of data privacy has never been greater, and it will only continue to grow as we become more dependent on technology. Currently, the Canadian Government is working to enhance privacy legislation to be more responsive to our reliance on technology with the introduction of Bill C-27, the Digital Charter Implementation Act. Bill C-27 contains three parts: 1) The Consumer Privacy Protection Act (replacing PIPEDA); 2) the Personal Information and Data Protection Tribunal Act; and 3) the Artificial Intelligence and Data Act (this would be Canada’s first artificial intelligence legislation). Bill C-27 is currently in its second reading and, if passed, will result in wide-reaching changes to the privacy law landscape.
Have Your (Pan)Cake and Eat it Too
So, on January 28, while you are enjoying your blueberry pancakes (hopefully with lots of maple syrup), take a moment to consider the security of your personal data and what you might be responsible for safeguarding. As a custodian of data, you should consider whether you are in compliance with current data privacy laws, what operating procedures are in place to effectively manage and safeguard data, and what plans are in place if data is mismanaged. These important considerations will certainly leave you with enough “food for thought” long after your pancakes are gone.