Filter by Category

What is the Digital Charter Implementation Act?

New proposed Canadian privacy law

Introducing the Digital Charter Implementation Act, 2020

In November 2020, one of the biggest shakeups in the history of Canada’s privacy law, the Digital Charter Implementation Act (DCIA), was proposed and is currently on the horizon.

The DCIA is composed of two separate Acts: The Consumer Privacy Protection Act (CPPA) and the Personal Information and Data Protection Tribunal Act (PIDPT).

The CPPA would establish a new private sector privacy law, updating and effectively replacing Canada’s current Personal Information Protection and Electronic Documents Act (PIPEDA).

The PIDPT would establish the Personal Information and Data Protection Tribunal to hear recommendations and appeals from the Office of the Privacy Commissioner (OPC) and establish a quicker path to enforcement.

The Digital Charter Implementation Act Prioritizes Privacy

If passed, the DCIA would be a noteworthy shift for both the consumer and the company. The DCIA would significantly increase the protections for Canadians’ personal information by giving citizens more control and greater transparency regarding when and how companies are handling their personal information.

The new privacy law would give the Privacy Commissioner the power to recommend fines, perform audits, issues binding orders, and force an organization to comply and/or order a company to stop collecting data or using personal information.

Additionally, the DCIA would establish higher consequences for non-compliance with the law, including heavy fines for violation – as high as five percent of revenue or $25 million, whichever is greater, for the most serious of infractions.

What Does the Digital Charter Implementation Act Mean If You Live in Canada?

If you are a citizen of Canada, the passing of the DCIA would permit the following:

  • Increased data mobility – To improve control, you would now have the right to direct the transfer of your personal information from one organization to another in a secure manner. For example, you could direct your bank to share your personal information with a separate institution.
  • Meaningful consent – The modernized consent rules of the DCIA would ensure that you and other citizens would have the plain-language information you need to make meaningful choices about the use of your personal information.
  • Algorithmic transparency – The CPPA contains new transparency requirements that apply to automated decision-making systems such as algorithms and artificial intelligence. Because of this, businesses would need to be transparent with you about how they’re using such systems to make predictions, recommendations, or significant decisions about you. Additionally, you would have the right to request an explanation from businesses regarding how a prediction, recommendation, or decision was made by an automated decision-making system and how the information was obtained.
  • Disposal of personal information & withdrawal of consent – The legislation would allow you to request that organizations dispose of personal information, and typically, allow you to withdraw consent for the use of your information. Additionally, the CPPA would ensure that you are able to demand your information on social media platforms be permanently deleted. When consent is withdrawn or information is no longer necessary, you can demand that your information be destroyed.
  • De-identified information – The practice of removing direct identifiers (like a name) from personal information is becoming increasingly common, yet the rules that govern how this information is then used is a bit of gray area. However, the DCIA legislation states that this information must be protected and can only be used without your consent or knowledge under specific circumstances. Circumstances such as to de-identify information, transfer information to a service provider, or certain business activities like providing or delivering a product or service that an individual requested.

Compliance is Key for the Digital Charter Implementation Act

If the DCIA passes, non-compliance could cost organizations millions of dollars. Fortunately, secure file transfer solution, GoAnywhere Managed File Transfer (MFT) can help you to meet your IT security and compliance regulations, standards, and technologies with ease.

GoAnywhere MFT can help you meet a variety of security standards by providing file transfer encryption technologies, file transfer monitoring, detailed audit logs and reporting, granular user permissions, flexible options for sending files securely, and more.

Related Reading: How to Help Ensure Compliance with Data Privacy Laws

GoAnywhere MFT Meets Compliance Needs for File Transfer Data Security

In our age of extreme data use, sharing and storage, compliance is a serious requirement for any organization that processes personal data.

With the Digital Charter implementation Act, failure to follow compliance requirements carries a hefty price tag. With GoAnywhere MFT’s assistance, you can count on the support you need to meet any security standards DCIA might have in place.

See how GoAnywhere MFT can help you comply today.

Related Posts


7 Essential Resources on PCI DSS Security

Whether you’re just learning about PCI DSS requirements, or want to expand your data security game, these 7 resources will help you reach your PCI DSS security goals.


How to Help Ensure Compliance with Data Privacy Laws

Data privacy law compliance is easier to meet when a managed file transfer solution, like GoAnywhere, is in place to offer security, encryption, automation and more.


3 Data Breaches That May Have Been Avoided through PCI DSS Compliance

Learn how 3 major data breaches could have been prevented with PCI DSS compliance and secure managed file transfer.


What You Need to Know to Prepare for GDPR Compliance

The GDPR goes into effect May 25, 2018. With under 12 weeks to go until organizations need to meet GDPR requirements, it’s imperative to prepare for success—and avoid crippling fines. Use this readiness checklist to ensure you’re aligned with GDPR compliance needs.