On 13 August 2021, the OPC released an announcement that they have amended several guidance documents to reaffirm some of the types of personal information the OPC has generally interpreted as sensitive in the context of PIPEDA.

Under PIPEDA any personal information can be considered sensitive depending on the context. The updated guidance sets out that certain types of personal information will generally be considered sensitive because of the specific risks to individuals when it is collected, used or disclosed, and which requires a higher degree of protection. These include health and financial data, ethnic and racial origins, political opinions, genetic and biometric data, an individual’s sex life or sexual orientation, and religious/philosophical beliefs.

The OPC provides a list of the updates guidance documents which are:

The updates relate to discussions with Industry, Science and Economic Development Canada (ISED) with respect to an ongoing review by the European Commission about the “adequacy” of Canada’s privacy legislation, and aim to better explain the concept of sensitive information under PIPEDA so it can be evaluated more accurately against the GDPR.

Under GDPR adequacy decisions must be reviewed every 4 years, a process involving a comprehensive assessment of the country’s privacy regime and which is currently underway in Canada. The result of this review could have a profound impact on data transfers between the EU and Canada if our adequacy decision was lost.

The OPC will issue an Interpretation Bulletin sometime later this year to further explain issues relating to sensitive personal information.