Excela Associates Inc.

Sound management of personal information is not simply a matter of good business. It is also a matter of law. Canada has privacy legislation covering the public and private sectors nation-wide, both federally and provincially. There are few organizations in Canada that are not subject to privacy legislation.

Excela Associates provides a full slate of services to assist its clients in planning, developing and implementing effective strategies to manage personal information and comply with privacy legislation. We can identify risks associated with inappropriate information management practices and provide solutions to deal with them. If you need a privacy consultant, you need look no further than Excela Associates.

Among our services are:

  • Policy, procedures and guidelines for privacy, information security and information management.
  • Strategic planning and policy development for all aspects of information management.
  • Information risk assessments, including privacy impact assessments and security assessments.
  • Training in privacy, security, and freedom of information.
  • Privacy architecture development.
  • Privacy by design implementations.
  • Privacy officer services.

In addition to generic privacy legislation, legislated privacy torts exist in British Columbia, Saskatchewan, Manitoba and Newfoundland and Labrador, allowing individuals to sue for invasions of privacy even if there are no financial repercussions.

Ontario does not have a legislated privacy tort, but the Ontario Court of Appeal has ruled that a tort of "intrusion upon seclusion" exists for severe invasions of privacy; this tort has since been recognized in other provinces. The Ontario Court of Appeal has ruled that Ontario's Personal Health Information Protection Act (PHIPA) does not prevent patients from suing hospitals for breaches of privacy. 

The transition period for Canada's anti-spam legislation expires on 1 July 2017.  Transition provisions, including presumed consent in certain circumsatnces, expire on that date, after which explicit prior consent is required for most unsolicited electronic communications.  A private right of action takes effect on the same date, which allows for judgements of up to $1M per day plus damages.

In addition to the potential legal consequences, breaches of privacy cause public embarrassment, loss of customer and stakeholder trust, and the considerable costs associated with correcting privacy mistakes after the fact. 

Excela can advise on any aspect of personal information management. We offer the services of highly qualified experts in privacy, security and information management. Our president and associates are all senior practitioners with many years of experience.