On August 13, the Office of the Privacy Commissioner of Canada (OPC) announced that it has updated some of its guidance to explain further the types of information that will generally be considered sensitive and require a higher degree of protection (e.g., health and financial data, ethnic and racial origins, political opinions, genetic and biometric data, an individual’s sex life or sexual orientation, and religious/philosophical beliefs).
The OPC specified that the sensitivity of information depends on the nature of the information and the context in which it is being collected, used or disclosed.
Below is the list of the updated guidance together with the link to each document:
What you need to know about mandatory reporting of breaches of security safeguards
Personal information retention and disposal: principles and best practices
The decision to update the above-mentioned guidance results from discussions between the OPC and the Industry, Science and Economic Development Canada (ISED) regarding the European Commission ongoing review of the “adequacy” of Canada’s privacy legislation (adequacy review that must be conduct every four years as required under the General Data Protection Regulation (GDPR)).
The updated guidance will help organizations better assess what type of information should be considered sensitive in order to implement or update their privacy management framework accordingly.
The OPC indicates that an Interpretation Bulletin will be released later this year. The Bulletin will include additional detailed explanation on what should be considered sensitive personal information.