Both Canada and India are working on proposed national privacy law upgrades that would bring their country-wide frameworks closer to that of the EU. In addition, a regional law (in Quebec) will begin to take effect this year in Canada, which may spur heightened compliance measures across the country in the same way that California's privacy law has motivated US companies to address privacy. For Canada, the new and proposed laws are an upgrade to already-stringent national privacy rules.
The laws would address the security of personal data as well as consumer rights of access, deletion, and more. They would require that companies deliver notice of their practices and could impose other duties as well. Finally, the EU notoriously added potentially huge fines to its privacy framework when it enacted the 2018 GDPR, and both Canada and India are debating doing the same.
Why It Matters
Maintaining the privacy and security of "personal" data is no longer an optional part of online/electronic business. Furthermore, data about people is no longer an unfettered corporate asset. Regulators across the globe are increasingly favorable to the ideas that (1) companies should be constrained by some rules as to what they can and cannot do with data about individuals and (2) those individuals have some control over corporate use of personal data about them, and certain rights in and to such data. Given the global nature of supply chains, electronic business, online communications, and more, these rules are extremely likely to affect almost all companies at some time in the near future. Taking time now to understand how new comprehensive privacy laws work and designing compliant workflow is well worth the investment.