Kathrin Gardhouse

Bill C-27, which includes the proposed Consumer Privacy Protection Act (“CPPA”), the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act (“AIDA” or the “Act”), is currently in its second reading in the House of Commons. On April 24, 2023, the second reading of the bill was completed. In order … Read more

Healthcare organizations are required to perform a delicate balancing act between healthcare data protection and disclosure of high utility data to further research and innovation leading to better healthcare services. There will often be a trade-off between these two interests, as excluding or altering data in an effort to protect individuals’ privacy regularly comes at … Read more

If your organization ever finds itself in the position of wishing or having to disclose personally identifiable information (PII), e.g., to third parties for processing purposes, to researchers for scientific purposes, or to the public as a result of access to information obligation, you have to ensure that the privacy of those individuals to whom … Read more

PHI stands for “Protected Health Information” and can include information about an individual such as blood type, condition, injury, etc. This term is subject to a lengthy and complex definition in a regulation under the US Health Insurance Portability and Accountability Act of 1996 (HIPAA), which we will examine in detail below. The term is … Read more

PCI is often mentioned in the triage PII, PHI and PCI in the context of data protection. PCI stands for “Payment Card Industry” data, which includes information such as bank account numbers, credit card numbers, card expiration dates, CVV numbers, etc. This article zeroes in on PCI and explains what data is captured under this … Read more

With data privacy becoming an increasingly hot topic as major data breaches make headlines around the globe, the biggest question typically is: “What PII was exposed?” But what is PII? PII stands for “Personally Identifiable Information.” It generally refers to any information that can be used to identify a particular person such as names, credit … Read more

This guide is for you if you already know what Law25 is and have read some of the other excellent materials out there that tell you what your obligations are on a high level, but are still uncertain about some of the details. In particular, you are wondering about the scope of the definition of … Read more

In this blog post, we examine the two types of Personal Identifiers: direct and quasi- (or indirect) identifiers, why we care about distinguishing them, and what challenges they pose regarding compliance with data privacy laws and regulations. In short, both direct and quasi-identifiers refer to pieces of information that can be used to identify an … Read more

Data privacy is becoming an increasingly important topic in an increasingly digitized world where powerful technologies are more and more able to sift through datasets unmanageable for the human mind. Big Data analytics is not only able to detect general trends from the wealth of data available, but it can draw out valuable insights and … Read more

In an increasingly digital world where customer data is being collected at various touchpoints, the protection of personal information is becoming increasingly important for businesses worldwide. There are three core types of personal information that global privacy regulations require protection of: Personally Identifiable Information (PII), Payment Card Industry (PCI) data, and Protected Health Information (PHI). … Read more