It's hard to believe that I've been at this for two years. On January 2, 2004 I did the first posting to this blog (The Canadian Privacy Law Blog: Welcome to the Canadian Privacy Law blog). At the time, I was concerned that I wouldn't have the attention span to keep it going for the long term. Now, two years and 1711 posts later (more than two a day), I'm pleased with how it has all turned out. I've met some pretty incredible people through the blog. This summer I had a surreal experience when a stranger recognized me in an elevator and asked if I was "the guy with the privacy website."
At the time, some people thought that privacy was just the flavour of the day and all the hubub would blow over. Either PIPEDA would be declared to be unconstitutional and business would go back to normal or business and healthcare would come to a grinding halt. None of that came to pass. PIPEDA and the PIPAs are completely manageable. Very few reputable companies had much to change; mostly, compliance was putting policies, procedures and accountability in place to support their existing practices. Some had to fine-tune their practices and I'm generally impressed with the number of companies that are recognizing privacy issues and are seeking professional counsel.
I expect the year ahead will also be interesting on the privacy front. PIPEDA will come under review in the federal Parliament and there is much work to be done to clarify the law and make it more manageable. For consumers, privacy continues to be a strong priority and the growth of identity theft makes their concerns all the more acute. The PIPEDA review will bring that concern front and centre. I'm waiting to see whether the legislators will take any action to address this. Some provinces, such as Ontario, may look again at provincial privacy laws of general application. Other provinces may follow Ontario's lead and implement health privacy laws that will harmonize the rules in the public and private healthcare settings. And I am sure that we'll continue to hear about more and more privacy/security breaches, mostly from the US states where laws require disclosure.
For this blog, my plan is to keep it up. The blog's reason for being is to be a useful resource on privacy developments in Canada and elsewhere. I'd be delighted to hear what changes readers would like to see in the year ahead to make it more useful. Please feel free to leave a comment or drop me a note by e-mail: email@example.com.
Also a special thank-you to the many people over the last two years who have sent me links to privacy-related articles and have pointed out typos.
Happy new year!