The Library of Parliament recently published a legislative summary of Bill C-29: An Act to amend the Personal Information Protection and Electronic Documents Act(PIPEDA).
[…]
“Bill C-29 adds several new definitions to PIPEDA. It preserves the existing definition of personal information as ‘information about an identifiable individual,’ but removes the wording excluding the names and coordinates of employees, and creates a new definition for business contact information (clauses 2(1) and 2(3)). It also specifies that PIPEDA’s provisions on personal information do not apply to business contact information (clause 4).”
“In addition, the bill expands the coverage of PIPEDA to the personal information of applicants for employment with federal businesses, works and undertakings, instead of just employees (clause 3).”
Source: Library Boy via Canadian Privacy Law Blog
Major sections of the proposed amendments concern issues of consent and new exceptions to disclosure without consent, as well as a new requirement of notifying the government in the event of a data breach. Individuals would only have to be notified if there was significant risk of real harm (ugh!).