Penalties for Non-compliance
What are the potential penalties / remedies for non-compliance with the key data privacy and cybersecurity laws in the jurisdiction?

Last review date: 26 December 2023

There are:

☒        administrative remedies / civil penalties applied by regulators and law enforcement

The OPC, Alberta OIPC, BC OIPC and Quebec CAI have the power to investigate complaints from individuals or initiate investigations of their own accord and publish public reports of findings. The OPC cannot make enforceable orders, but the Alberta OIPC, BC OIPC and Quebec CAI can. The OPC can, however, after an investigation, make an application to the Federal Court, which has broad order-making powers. The OPC can also enter into compliance agreements with organizations.

☒        criminal penalties from regulators and law enforcement

PIPEDA: Organizations that commit offenses may be subject to fines of up to CAD 100,000.

Alberta PIPA: Organizations that commit offenses may be subject to fines of up to CAD 100,000.

BC PIPA: Organizations that commit offenses may be subject to fines of up to CAD 100,000.

Quebec Act: Following significant increases to monetary penalties effective September 2023, a failure to comply with the Quebec Act's requirements for the collection, storage, communication or use of personal data may result in a fine of up to a maximum amount of CAD 50,000 (approximately USD 40,000) in the case of a natural person and, in all other cases, CAD 10 million (approximately USD 8 million) or, if greater, the amount corresponding to 2% of worldwide turnover for the preceding fiscal year.

CASL: Organizations that fail to comply with certain direct marketing provisions of CASL may be subject to administrative monetary penalties of up to CAD 10 million (approximately USD 8 million).

☒        private remedies

PIPEDA: While PIPEDA does not establish a specific private right of action, failure to comply with PIPEDA may result in civil actions, class actions, or private rights of action. A complainant may also, after filing a complaint with the OPC and after receiving the OPC's report of findings or being notified that the complaint has been discontinued, apply to the Federal Court for a hearing. The Federal Court may, in addition to other remedies, order an organization to correct its practices to comply with PIPEDA or award damages to a complainant, including damages for any humiliation that the complainant has suffered.

Alberta PIPA: Where the right of appeal for an order made or conviction issued for a breach of Alberta PIPA has been exhausted, an individual affected by the breach has a cause of action for damages for loss or injury they suffered as a result of the breach or conduct.

BC PIPA: Where the right of appeal for an order made or conviction issued for a breach of BC PIPA has been exhausted, an individual affected by the breach has a cause of action for damages for the actual harm they suffered as a result of the breach or conduct.

Quebec Act: Failure to comply with the Quebec Act may result in civil actions, class actions, or private rights of action. An individual may appeal a final decision of the Quebec CAI and may also apply for leave to appeal from an interlocutory decision of the regulator. Effective from 22 September 2023, individuals can sue private sector organizations for damages pursuant to a new private right of action provision under the amended Quebec Act or under articles 35 to 40 of the Civil Code of Quebec. If the infringement is intentional or results from gross negligence, the court can also award punitive damages of at least CAD 1,000 (approximately USD 799).

☐        other

If data subjects have private remedies, what form can these remedies take?

Last review date:

☒        individual personal actions

☒        representative actions (e.g., brought by a consumer / data privacy body or the supervisory authority)

☒        class actions