Canada’s national breach notification requirements are coming online November 1st, meaning companies experiencing a data breach will soon have new reporting obligations.  These requirements were created in 2015 by the Digital Privacy Act, which amended the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s main privacy statute.  In April 2018, in preparation for the national implementation of the new law, the Office of the Privacy Commissioner of Canada (OPC), with authority to issue promulgating regulations under PIPEDA, issued Regulations that establish detailed requirements regarding the content and methodology of breach notifications to the OPC and affected individuals.  After issuing those Regulations, the OPC continued to receive requests for further clarity and guidance regarding the breach notification requirements under PIPEDA and the OPC Breach Regulations.  In response to those further requests for guidance, the OPC announced that it would issue further guidance (“What You Need To Know About Mandatory Reporting Of Breaches Of Security Safeguards”) on breach notification and reporting.  On September 17th, the OPC invited public feedback on the draft guidance.  The OPC will accept feedback until October 2, 2018.  Comments can be sent to OPC-CPVPconsult2@priv.gc.ca and must be either in the body of the email or attached as a Word or PDF document.  The OPC will publish the final guidance soon after the October 2nd deadline to ensure guidance is in place when the amendment becomes effective in November.
Continue Reading Upcoming Canadian Breach Notification Requirements Still in Flux