The Bill proposes to amend PIPEDA to:
- Require organizations to notify the Privacy Commissioner of any breach to the security of personal information where there is a possible risk of harm to the affected individual(s);
- Allow the Privacy Commissioner to order organizations to notify affected individual(s) of a data breach if an appreciable risk of harm is found;
- Create order-making powers to be used by the Privacy Commissioner to enforce the Personal Information Protection and Electronic Documents Act in the event that an organization mishandles the personal information of Canadians ; and
- Empower the Federal Court to impose fines in cases of non-compliance with an enforcement order issued by the Privacy Commissioner.
While private members' bills historically don't go anywhere, it will be interesting to watch the debate over this one.