This Year’s Back to School Calls for Data Privacy Officer “101” 

By September 2022, any organization in Canada that works with the Quebec market will need to come into compliance with the newly amended Quebec privacy legislation. This slate of new requirements rolls out in phases and eventually, in 2023, we will see stringent enforcement and stiff fines. One element that must be addressed by this fall is the appointment of a Chief Privacy Officer. For many IAB Canada members, this responsibility would most likely land on the internal privacy counsel or, in some cases, the CEO of the organization. The law, however, stipulates that this appointment may be delegated in writing, in whole or in part, to any person (internally or externally) without providing any guidelines or qualifications of that appointee.  

One of the top concerns IAB Canada has voiced with regulators and government bodies, both independently and as part of larger coalitions, is the immense cost of compliance that sometimes result from radical changes to legislation.

In the case of Quebec, the requirement for a new job description with vague guidance comes at a major cost for thousands of small to medium sized businesses. In a sense, this area of the law presents the industry with a double-edged sword. On the one hand, it raises the stakes and the accountability for organizations in the context of privacy but, on the other, it mainstreams the basic concepts of privacy to the point where all businesses are now becoming fluent in the topic.

To help our members and the greater digital advertising industry prepare, IAB Canada has partnered with Bamboo Data Consulting to develop a full day kick-start program that outlines the responsibilities of the Data Privacy Officer. This introductory course delves into the details of the job with the goal of the program to provide an introduction of what it means to keep records, stay vigilant and develop systems to keep you organized on the job. Further education is always recommended, and we strongly encourage our members to explore opportunities to better understand technology, tools, and broader resources to mitigate risks and provide privacy as an integrated service to your customers.  

For organizations with existing Data Privacy Officers, we would encourage you to review the curriculum to determine whether a refresher on the basics would be helpful to you.  

If you are looking for more advanced training, feel free to contact us at and we will be happy to provide you with suggestions on appropriate opportunities to enhance your existing skills.