Excela Associates Inc.

Privacy Consultants

Sound management of personal information is not simply a matter of good business. It is also a matter of law. Canada has privacy legislation covering the public and private sectors nation-wide, both federally and provincially. There are few organizations in Canada that are not subject to privacy legislation.

Excela Associates provides a full slate of services to assist its clients in planning, developing and implementing effective strategies to manage personal information and comply with privacy legislation. We can identify risks associated with inappropriate information management practices and provide solutions to deal with them. If you need a privacy consultant, you need look no further than Excela Associates.

Among our services are:

  • Policy, procedures and guidelines for privacy, information security and information management.
  • Strategic planning and policy development for all aspects of the management of personal and confidential information.
  • Information risk assessments, including privacy impact assessments and security assessments.
  • Training in privacy, security, and freedom of information.
  • Privacy architecture development.
  • Privacy by design implementations.
  • Privacy officer services.

In addition to generic privacy legislation, legislated privacy torts exist in British Columbia, Saskatchewan, Manitoba and Newfoundland and Labrador, allowing individuals to sue for invasions of privacy even if there are no financial repercussions.

Other provinces do not have legislated privacy torts, but in 2011 the Ontario Court of Appeal created a tort of "intrusion upon seclusion" for severe invasions of privacy. This tort has since been recognized in other provinces. The Ontario Court of Appeal has ruled that Ontario's Personal Health Information Protection Act (PHIPA) does not prevent patients from suing hospitals for breaches of privacy. 

The transition period for Canada's anti-spam legislation expired on 1 July 2017.  Transition provisions, including presumed consent in certain circumstances, expired on that date. Explicit prior consent is now required for most unsolicited electronic communications.  (A private right of action was to take effect on the same date, which which would have allowed for judgements of up to $1M per day plus damages, but it was indefinitely postponed at the last minute.)

In addition to the potential legal consequences, breaches of privacy cause public embarrassment, loss of customer and stakeholder trust, and the considerable costs associated with correcting privacy mistakes after the fact. 

Excela can advise on any aspect of personal information management. We offer the services of highly qualified experts in privacy, security and information management. Our president and associates are all senior practitioners with many years of experience.