On April 17, 2012, the Office of the Privacy Commissioner of Canada and the Information and Privacy Commissioners of Alberta and British Columbia released guidance on their expectations for accountable privacy programs as required by Canadian law. The guidance, entitled “Getting Accountability Right with a Privacy Management Program,” discusses the building blocks of a comprehensive privacy program for businesses of all sizes. Although intended for a Canadian audience, the paper likely will have worldwide influence given recent privacy law developments around the globe.

For example:

• New privacy laws in Latin America include accountability requirements.
• The proposed European data protection regulation includes requirements that organizations have the elements of a comprehensive privacy program in place.
• Recent U.S. Federal Trade Commission settlement agreements with Google and Facebook require the companies to implement comprehensive privacy programs.
• At least one European data protection authority is drafting similar guidance for companies with Binding Corporate Rules.

The building blocks outlined by the Canadian Privacy Commissioners map to the essential elements of accountability contained in the Galway Paper by the Global Accountability Project. The Centre for Information Policy Leadership is the Secretariat for that project.