Excela Associates - Privacy Consultants

Sound management of personal information is not simply a matter of good business. It is also a matter of law. Canada has privacy legislation covering the public and private sectors nation-wide, both federally and provincially. There are few organizations in Canada that are not subject to privacy legislation.

Excela Associates provides a full slate of services to assist its clients in planning, developing and implementing effective strategies to manage personal information and comply with privacy legislation. We can identify risks associated with inappropriate information management practices and provide solutions to deal with them. If you need a privacy consultant, you need look no further than Excela Associates.

Among our services are:

  • Policy, procedures and guidelines for privacy, information security and information management.
  • Strategic planning and policy development for all aspects of the management of personal and confidential information.
  • Information risk assessments, including privacy impact assessments and security assessments.
  • Training in privacy, security, and freedom of information.
  • Privacy architecture development.
  • Privacy by design implementations.
  • Privacy officer services.

In addition to generic privacy legislation, legislated privacy torts exist in British Columbia, Saskatchewan, Manitoba and Newfoundland and Labrador, allowing individuals to sue for invasions of privacy even if there are no financial repercussions.

Other provinces do not have legislated privacy torts, but in 2011 the Ontario Court of Appeal created a tort of "intrusion upon seclusion" for severe invasions of privacy. This tort has since been recognized in other provinces. The Ontario Court of Appeal has ruled that Ontario's Personal Health Information Protection Act (PHIPA) does not prevent patients from suing hospitals for breaches of privacy. 

The transition period for Canada's anti-spam legislation (CASL) expired on 1 July 2017.  Transition provisions, including presumed consent in certain circumstances, expired on that date. Explicit prior consent is now required for most unsolicited electronic communications.  (A private right of action, which which would have allowed for judgements of up to $1M per day plus damages, has been indefinitely postponed.)

Effective May 2018, the EU's General Data Protection Regulation (GDPR) imposes strict privacy requirments on any organization doing business with EU residents.  The reguation, which is more detailed and prescriptive than any other privacy law, requires that subject organizations take specific actions for compliance, which may require modifications to existing business processes.  Excela can assist in planning for GDPR compliance.

Excela can advise on any aspect of personal information management. We offer the services of highly qualified experts in privacy, security and information management. Our president and associates are all senior practitioners with many years of experience.