top of page
  • Deborah

On August 13, the Office of the Privacy Commissioner of Canada (OPC) announced that it has updated some of its guidance to explain further the types of information that will generally be considered sensitive and require a higher degree of protection (e.g., health and financial data, ethnic and racial origins, political opinions, genetic and biometric data, an individual’s sex life or sexual orientation, and religious/philosophical beliefs).

The OPC specified that the sensitivity of information depends on the nature of the information and the context in which it is being collected, used or disclosed.

Below is the list of the updated guidance together with the link to each document:

The decision to update the above-mentioned guidance results from discussions between the OPC and the Industry, Science and Economic Development Canada (ISED) regarding the European Commission ongoing review of the “adequacy” of Canada’s privacy legislation (adequacy review that must be conduct every four years as required under the General Data Protection Regulation (GDPR)).

The updated guidance will help organizations better assess what type of information should be considered sensitive in order to implement or update their privacy management framework accordingly.

The OPC indicates that an Interpretation Bulletin will be released later this year. The Bulletin will include additional detailed explanation on what should be considered sensitive personal information.

Recent Posts

See All

Information, Communication Technology (ICT) systems, generally includes all hardware, software, applications and systems that combined enable people and organizations to communicate digitally. ICT enc

25 January 2023 - Comments requested on Financial Conduct Authority (FCA) proposed Sustainability Disclosure Requirements (SDR) and investment labels. 6 February 2023 - Comment period closes for the u

Last November, 2022 the Bank for International Settlements (BIS) and the International Organization of Securities Commissions (IOSCO) published their Level 3 assessment of cyber resilience on 37 Finan

bottom of page