The Canadian Digital Charter (Bill C-27), which was recently passed in Parliament and will soon become law, introduces new considerations for businesses regarding privacy. Here are three key requirements outlined in the Bill and their implications for your business:

• Customers now have the right to request the deletion of their Personally Identifiable Information (PII) from company systems. Companies must prove compliance to specified standards.
  • Implication: Addressing PII deletion requests requires self-service capabilities and automated monitoring. Without automation, the costs of compliance and proof can strain budgets.

• Canadians must have the ability to securely transfer their personal information (PII) between organizations. Organizations must demonstrate adherence to required standards.
  • Implication: Securely handling PII transfer necessitates both the automation mentioned in the first point and a robust, economy-wide data protocol or framework for seamless, secure data movement.
• Special status is granted to minors’ information, including restrictions on organizations collecting or utilizing such data.
  • Implication: Handling minors’ information demands the features mentioned above, along with methods to verify age, as minors’ online presence complicates age verification.

While these changes present significant challenges, solutions are available. Want to learn more? Reach out to Garth Wardle at garth.wardle@itpartners.ca or schedule a meeting using https://calendly.com/gwardle-2/30minute.