Data Privacy & Cybersecurity

Privacy Commissioner of Canada Testimony on Bill C-12

The Privacy Commissioner of Canada, Philippe Dufresne, testified before the Senate Committee on Bill C-12, the Strengthening Canada's Immigration System and Borders Act. He highlighted language in the bill related to information-sharing agreements as a positive example of recommended approaches for extensive personal information disclosures.

Privacy Commissioner Recommends Bill C-4 Amendments for Political Party Privacy

The Privacy Commissioner of Canada recommended amendments to Bill C-4 to introduce privacy rules for political parties. The Commissioner suggested that these rules should parallel existing public and private sector requirements under federal law, adapted for the democratic context.

Loblaw PC Optimum Data Retention Investigated Under PIPEDA

The Office of the Privacy Commissioner of Canada has concluded an investigation into Loblaw Companies Ltd.'s retention of PC Optimum loyalty program member data. The findings highlight the importance of ensuring anonymized data cannot be re-identified and that personal information is destroyed or anonymized when no longer necessary.

Staples Canada ULC Investigated for Privacy Practices on Resold Devices

The Office of the Privacy Commissioner of Canada investigated Staples Canada ULC regarding its Openbox program for resold electronic devices. The investigation found deficiencies in data wiping procedures and employee training, leading to recommendations for Staples to improve its practices within nine months.

PIPEDA Investigation into Google Search Compliance

The Office of the Privacy Commissioner of Canada (OPC) has concluded its investigation into Google's search engine compliance with PIPEDA. The investigation found that Google's accuracy obligations do not extend to the underlying content of linked articles, but it must ensure personal information in search results is accurate.

Joint Investigation of TikTok by Canadian Privacy Commissioners

Canadian privacy commissioners have concluded a joint investigation into TikTok's collection, use, and disclosure of personal information, particularly concerning children. The findings address appropriate purposes for data handling and the validity of user consent for ad targeting and content personalization.

CISA: Ignition Software Vulnerable to Code Execution

CISA issued an advisory for Inductive Automation Ignition Software versions prior to 8.3.0, identifying a deserialization vulnerability (CVE-2025-13913) that could allow remote code execution. Users are recommended to upgrade to version 8.3.0 or later.

Data Broker Registration Fee Regulations

The California Privacy Protection Agency (CPPA) is now responsible for the state's data broker registry, effective January 1, 2024. Data brokers must pay an annual registration fee, which the CPPA may adjust. Final regulations for the fee structure have been published for 2024, 2025, and 2026 registrations.

CPPA Seeks Comments on Reducing Privacy Rights Friction

The California Privacy Protection Agency (CPPA) is seeking preliminary comments on potential regulatory changes to reduce friction in how consumers exercise their privacy rights. The comment period is open from March 6, 2026, until April 6, 2026.

CPPA Seeks Comments on Opt-out Preference Signals Rulemaking

The California Privacy Protection Agency (CPPA) is seeking preliminary public comments on potential rulemaking regarding Opt-out Preference Signals (OOPS). The agency is gathering information to explore whether regulatory changes are necessary to reduce friction in exercising privacy rights. Comments are due by April 6, 2026.