OPC affirms requirements for transferring personal information across borders for processing

On August 4, 2020, the Office of the Privacy Commissioner of Canada (the OPC) issued PIPEDA Report of Findings #2020-001 (the Report), which concluded that a Canadian financial institution (the FI) had complied with its obligations under the federal Personal Information Protection and Electronic Documents Act (PIPEDA) in connection with outsourcing aspects of its fraud claims processing services to a third party service provider located in India. Importantly, the OPC found that FI was not required to obtain consent from its customers to transfer personal information to its service provider, signifying a commitment to the OPC’s original policy position on cross-border transfers of personal information.

This content has been updated on May 2, 2024 at 13 h 41 min.