By Richard Stobbe

In our post earlier this year (Privacy Update: Will Consent be Required for Outsourcing Canadian Data?) we reviewed the changes proposed by the Office of the Privacy Commissioner of Canada. These changes would have changed the way the Commissioner viewed transborder flows of personal information. Transfer across a border would have been considered a “disclosure”, mandating a new consent, as opposed to a “use” which could be covered by the initial consent at the time of collection. 

In September, after the consultation period ended, the OPC confirmed it will hold to its 2009 Guidelines for Processing Personal Data Across Borders.

This is good news for any Canadian business who uses a service provider outside of the country to process data – such as the use of Gmail for corporate email, or Amazon Web Services (AWS) for data hosting, or the use of a UK company for CRM data processing services.  If your company is compliant with the 2009 guidelines, then no change is required.

For advice on cross-border transfers of personal data, please contact us.

Related Reading: OPC Reaffirms 2009 Consent Standard for Cross-Border Data Processing

Calgary – 07:00 MST