Privacy Law Roundup

The COVID-19 pandemic has raised many new privacy and confidentiality matters for employers, employees and consumers. Federal and provincial privacy law reform efforts, however, appear to be at a standstill. This is despite the introduction of Bill C-11, the Digital Charter Implementation Act in late 2020. The bill promised to significantly modernize privacy laws in Canada and bolster accountability and individual privacy rights. It has yet been passed into law. Provincially, there has been little movement on reforming Ontario’s privacy legislation since the release of the government’s Modernizing Privacy Law in Ontario discussion paper and the initial launch of its public consultation in June 2021.

During the past year, some of the key privacy topics we have been navigating include:

Vaccine passports/certificates:

At the intersection of public health and privacy laws are vaccine passports and vaccine certificates. As these regimes developed over the spring and summer, most COVID-19 vaccine passports are now in digital form associated with a Quick Response (“QR”) code on mobile devices. Key privacy concerns include:

      • Collecting, disclosing and storing sensitive personal health information and ability to limit what is collected and shared;
      • Data security concerns including falsified certificates, security breaches or third-party disclosures and data tracking; and
      • Assessing the necessity and proportionality between privacy risks and goal of protecting public health on an ongoing basis.

Vaccine passports also raise intersecting privacy, equity and accessibility issues including:

      • Ensuring vaccine passports are available in accessible formats (including digital and non-digital) that are compatible with adaptive technology; and
      • Ensuring vaccine passport applications and programs are user friendly for people with different levels of capacity and internet and technology literacy.

COVID-19 Testing:

COVID-19 testing, including mandated rapid testing in the workplace, raises novel privacy issues including questions around data collection and disclosure. We have worked with many Developmental Services (“DS”) sector agencies this past year to develop testing policies and protocols that balance heath and safety interests and the privacy interests of employees and people supported by providing advance notice, communicating a clear purpose for testing and collecting results, limiting disclose to what is reasonably necessary and maintaining results in a secure manner and only for as long as reasonably necessary.

Access and disclosure requests:

DS sector agencies received an increased number of access and disclosure requests from people supported and their families during the pandemic. Lockdowns and visitation limits for health and safety reasons have increased the need for information and documentation for many families. Each request should be assessed on a case-by-case basis. In light of this trend, agencies should review and update their privacy policies, which should include developing disclosure request procedures and checklists to ensure transparency and compliance with legal obligations.

PooranLaw will continue to monitor legal developments related to the privacy law. In the meantime, if you require legal assistance, we encourage you to reach out to your regular PooranLaw lawyer, or any member of our team.


Note: This article provides general information only and does not constitute, and should not be relied upon as, legal advice or opinion. PooranLaw Professional Corporation holds the copyright to this article and the article and its contents may not be copied or reproduced in any form, in whole or in part, without the express permission of PooranLaw Professional Corporation.