REGULATIONS

CPPA & PIDPT

Canada is set to replace its existing privacy legislation the Personal Information Protection and Electronic Documents Act or “PIPEDA” with the new Consumer Privacy Protection Act (“CPPA”) and the Personal Information and Data Protection Tribunal Act (“PIDPT”).

Consumer Privacy Protection Act, CPPA

The CPPA’s goal is to create a novel private sector data privacy law that updates and completely replaces the existing Personal Information Protection and Electronic Documents Act (PIPEDA). The PIDPT seeks to set up a new institutional Personal Information and Data Protection Tribunal with the authority to levy large fines for CPPA violations.

Non-compliance

HHS may impose civil money penalties up to $100 per failure. The upper limit for penalty per year is $25,000. If anyone discloses or obtains information with malicious intention, it may attract criminal penalty of $50,000 and up to one-year imprisonment. This fine and imprisonment may increase due to additional factors of false pretences, intention to sell or transfer PHI, or use it for commercial purposes or malicious harm.

How our privacy team can help

At Tsaaro’s, our privacy team comprises of experienced lawyers and InfoSec professionals. Together we ensure that your organisation is compliant with all regulatory requirements along with best possible technical and infrastructural solutions. We provide personalised plans to our customers to inculcate data protection by design and by default in their processes in a cost efficient manner.