Canada has introduced the Digital Charter Implementation Act — officially called an “Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts.” It represents one of the biggest shakeups in Canada’s privacy law in decades. f the bill passes, companies could face fines of up to five per cent of global revenue or $25 million — whichever is greater — for the most serious offences. Officials said the legislation provides for the heaviest fines among the G7 nations’ privacy laws.

The introduction of Canada’s proposed Digital Charter Implementation Act continues the trend toward tighter governmental regulation of businesses handling and processing consumers’ private and sensitive data. Steeper fines only add to the incentive for companies to comply with data privacy mandates, joining other negative outcomes such as tarnished brand reputation and loss of trust in the offending business.
The move should serve as a strong reminder to businesses located or operating in Canada that data security is paramount to doing business in the country. Each organization should rethink how they protect sensitive data throughout its entire lifecycle, including knowing where this data is within their infrastructure, the level of sensitivity, and the right way to protect sensitive information.
Data-centric security measures such as tokenization and format-preserving encryption are far more effective than perimeter-based methods, facilitating data freedom of movement that businesses need in order to use that information effectively while complying with strong data privacy regulations such as this proposed act.