When it comes to your personal data, there are several privacy laws in place to protect you.
Laws like the Personal Information Protection and Electronic Documents Act, the Anti-Spam Legislation and others have tons of rules on what businesses cannot do with your data.
Generally speaking, these rules say businesses cannot collect, use and share your data without your consent. They also spell out minimum protection measures businesses must take to protect your information, so that they're not stolen and abused.
In addition, in the event of a data breach, amendments under the Digital Privacy Act will also soon require businesses to notify a privacy commissioner(s), all affected individuals who suffer "serious harm" and any third party who can mitigate losses.
If businesses fail to protect your data and there is a breach, there are a few things you may be able to do.
You may make a complaint to a privacy commissioner(s). They may investigate and make appropriate orders, including issuing fines when the new amendments come into effect. You may also take them to court for remedies.
Courts have recognized torts of "intrusion upon seclusion" and "public disclosure." Tortuous claims on the basis of breach of contract, confidence, fiduciary duty, trust and negligence could be successfully made as well.
Businesses are likely to settle and offer some sort of compensation.
Your information and political parties
Whereas businesses are legally required to protect your data, and there are things you can do to remedy a potential data breach, generally speaking, political parties don't have such legal requirements aside from some rules in relevant election-related legislations, and you have very limited options to remedy a potential data breach.
For example, the Personal Information Protection and Electronic Documents Act does not apply to political parties, and the Privacy Act does not apply to political parties.
What that means is that political parties have much more freedom than businesses to collect, use and share your data. It also means they don't need to follow minimum protection to safeguard your data, and there is practically no oversight.
The Trudeau government recently tabled a bill to only in part address this huge gap
The privacy commissioner has no jurisdiction over political parties. The commissioner therefore cannot investigate and order remedies. Historically, courts have been very reluctant to get involved with political parties.
This leaves political parties, which have personal and financial data of millions of Canadian voters, to create and enforce their own internal data collection, usage and protection policies.
The Trudeau government recently tabled a bill to only in part address this huge gap.
Bill C-76, if passed, would require political parties to: publish a statement on what information they collect on voters and how they collect them; publish a statement on how they will use and protect voters' information, including when they may sell or share the information; publish a name and contact information to whom voters may complain if there are any concerns; provide the Chief Electoral Officer a copy of privacy protection policies.
If political fail to meet these requirements, the Chief Electoral Officer may deregister political parties.
The question is, are these measures enough?
While they are a step in the right direction, the bill doesn't go far in enough. The bill doesn't prescribe what minimum protection standards political parties should have. It doesn't spell out what remedies voters may have in case there is a breach (i.e. their data is stolen).The bill doesn't address who may investigate a breach (i.e. a privacy commissioner), and what if any orders could be made. It also doesn't impose notification requirements for political parties in the event of a breach.
More from HuffPost Canada:
Time to have the conversation
In today's environment where data theft and other data-related crimes are on the rise, personal data protection is more important than ever.
When Canadians participate in our democracy, and share their information with political parties, they should expect that their data will be used strictly for the purpose for which the data was collected, and that they'll be protected.
As consumers, Canadians can have these expectations because we have a privacy framework that applies to businesses. We should also have these expectations as voters.
It's time to have a conversation about the privacy regime vis-à-vis political parties in Canada. Bill C-76 is one tool, but we need more.
Also on HuffPost: