Law Firms Face Increasing Legal Mandates to Keep Data Protected

Federal, provincial and international legislation requires law firms to keep data protected. Learn what your law firm needs to do to keep information safe.

For Canadian law firms, there is an increasing number of legal restrictions on the collection and use of data. Knowing about the regulations and how they affect clients and the firms’ use of personal information is essential.

The rules also mean paying extra attention to data security to keep client information protected from a cyberattack.

These regulations include federal and provincial laws, while firms that have international clients must contend with new legal restrictions from the European Union and the United States.

National Data Security Laws

What Federal Privacy Laws Affect Canadian Law Firms?

There are two pieces of federal legislation that affect law firms:

  • The Privacy Act. The Act gives citizens the right to know what personal information is being collected, used and disclosed by federal government entities. It includes guidelines for the retention and disposal of information and gives citizens the right to access information held by the government. It defines personal information as name; demographic information; educational, medical, criminal and employment history; identifying numbers; addresses; fingerprints, personal opinions or views; and correspondence with the government.
  • The Personal Information Protection and Electronic Documents Act. This law governs how private businesses collect, use and disclose personal information, requiring consent from individuals before doing so. The Act applies to private-sector companies that do business in Canada, whether located in the country or not. Personal information includes factual and subjective information, recorded or not, including name, age, ID numbers, income, ethnicity, blood type, opinions, comments, disciplinary actions, employee files, credit records, loan data and medical records. The Act also covers federally regulated industries, including airlines, banks, transportation companies, telecommunications companies, offshore drilling businesses and radio and television companies

In December 2019, prime minister Justin Trudeau went further, issuing a mandate letter that gives the Privacy Commissioner enhanced powers to create new online rights. (It also creates a Data Commissioner role who will work with large digital companies to protect personal data.) These rights include:

  • Data portability
  • Empowering citizens to withdraw, remove or erase personal data from platforms
  • Understanding how personal data is used, including the creation of a national advertising registry allowing citizens to revoke authorization to share or sell data
  • Proactive data security requirements
  • Communication when personal data are compromised during a data breach
  • Freedom from online bias and harassment

Are There Privacy Guidelines in Vancouver?

British Columbia’sPersonal Information Protection Act, passed in 2003, requires private businesses to obtain permission before collecting, using or disclosing personal information. Individuals have a right to access their information on demand.

The law covers incorporated and unincorporated businesses, nonprofit businesses and trusts. Noncompliance can mean fines of up to $100,000.

What Do Canadians Say About Online Privacy?

According to the 2018-19 Survey of Canadians on Privacy, citizens have strong feelings about privacy rights:

  • Two-thirds feel their knowledge of privacy rights are good (50 percent) or very good (14 percent)
  • Ninety-two percent have some concerns about protecting their privacy
  • Forty-five percent do not believe businesses respect privacy rights
  • The vast majority (90 percent) are concerned about their online information being used to steal their identities
  • Eighty-six percent disagree that companies should be allowed to use personal information in ways other than to provide them with services

That sentiment is reflected in a December 2019 decision by Statistics Canada to collect banking data from 500,000 households to analyze household spending and debt.

What Other Regulations Affect Canadian Law Firms?

Increasingly, jurisdictions across the world are taking steps to protect citizens regarding data privacy. Among the most wide-sweeping is the General Data Protection Regulation (GDPR) that covers European Union residents. It is similar to the federal and provincial laws, requiring businesses to provide disclosure, permissions and opt-out provisions. Several U.S. states have also passed data guidelines.

What Should Law Firms Do to Comply with Data Privacy Laws?

Law firms need to remain in compliance with an ever-increasing array of data privacy guidelines. At Compunet InfoTech, we provide technical solutions for law firms that help manage data, help-desk services, IT security, software support and ransomware deterrence. Learn more about our comprehensive IT solutions for law firms by contacting us today.