August 24, 2024
On January 29, 2024, Canada's Parliament reconvened following a recess. As the winter session commences, the Standing Committee on Industry and Technology (INDU) is poised to continue its examination of Bill C-27, the Digital Charter Implementation Act, 2022.

Bill C-27 summary: Digital Charter Implementation Act, 2022

Bill C-27 aims to enact the Consumer Privacy Protection Act (CPPA), the Personal Information and Data Protection Tribunal Act (PIDPTA) and the Artificial Intelligence and Data Act (AIDA), and to make consequential and related amendments to other Acts.

The CPPA is expected to replace PIPEDA's "Protection of Personal Information in the Private Sector" section, while the PIDPTA would institute an administrative tribunal for appeals of specific decisions made by the Privacy Commissioner of Canada under the CPPA. Additionally, the CPPA would enforce penalties on organizations found to be in violation of its provisions. Of significance is the AIDA, which introduces a fresh framework governing the use of and commerce in artificial intelligence systems.

Of the three Acts, the Consumer Privacy Protection Act ("CPPA") is anticipated to exert the most significant influence on entities involved in the collection and processing of personal information. This law will apply to all private sector businesses in Canada, regardless of size. It will enhance Canada's privacy legislation, fortify protections for the personal information of Canadians and provide businesses with clear guidelines for navigating the evolving technological landscape.

Significant Changes From PIPEDA

- Empowering the Privacy Commissioner of Canada with extensive order-making authority.
- Introducing substantial fines for organizations that fail to comply with the regulations.
- Enhancing control and transparency in the handling of personal information by organizations.
- Implementing stronger safeguards for minors.
- Enabling Canadians to request the deletion of their information when it becomes unnecessary.

Significance for Businesses

The implementation of Bill C-27 will significantly impact Canadian businesses. Canadian businesses will need to make significant investments to safeguard customers' or employees' personal information or risk facing substantial financial and administrative penalties. Organizations found to knowingly breach the law or impede the Commissioner's investigations, inquiries, or audits may face penalties:

- Indictable Offence: Subject to a fine of up to the higher of $25,000,000 or 5% of the organization's gross global revenue.
- Summary Conviction: Liable to a fine of up to the higher of $20,000,000 or 4% of the organization's gross global revenue.

These fines are determined based on the financial year preceding the organization's sentencing.

The CPPA also mandates all businesses to establish and maintain a privacy management program by creating policies and procedures aimed at protecting personal information in their care. It is now of utmost importance that you establish a privacy management program in your organization before the enactment of the CPPA. If you do not have one, get in touch with us to help you with it.

Hakim Fubara
CISSP, CISM, CISA, SWIFT CSP, PCI-QSA, ISO/IEC 27001 Lead Auditor