On May 9, 2018, the Privacy Commissioner of Canada appeared before the Standing Senate Committee on Banking, Trade and Commerce to present his views in relation to Division 16 of Bill C-74, the Budget Implementation Act.

According to the Commissioner, the amendments proposed in Division 16 of Bill C-74 remove current impediments in the law in order to facilitate business relationships and engagement between federally regulated financial institutions and financial technology organizations (FinTechs). The intended effect of these amendments is to offer new flexibilities for the financial sector and its customers so that they may take advantage of emerging technologies. However, the amendments also broaden the types of organizations that may receive personal information from financial institutions.  This has raised privacy concerns.

Consent

The Commissioner noted that FinTechs should generally obtain express consent from their customers and follow the Guidelines for Consent. However, FinTechs may wish to proceed otherwise and, under the current amendments, the Commissioner does not have the authority to require organizations to apply reasonable measures in obtaining consent.

Safeguards

The Commissioner also noted that FinTechs need to pay careful attention to their obligations under PIPEDA as it pertains to PIPEDA’s Breach Notification safeguards, and the new breach reporting requirements, as previously reported in the E-TIPS® newsletter.  These breach reporting requirements come into force on November 1, 2018.

The Commissioner’s complete submissions are available on the Office of the Privacy Commissioner’s website here.

Summary By: Jae Morris

E-TIPS® ISSUE

18 05 30