Call Who?! Breach Notification Standards in Canada

In 2000, Canada adopted a national data privacy law in the form of the Personal Information Protection and Electronic Documents Act (PIPEDA). While PIPEDA set a national requirement that private sector entities who handle personal information needed to report breaches of that information, it did not set a unified standard for what form that notification needed to take.

That changed earlier this month.

On April 18, the Canadian government published new regulations that set rules for PIPEDA breach notifications. The regulations, which come into force in November, require that breach notifications be sent to the Office of the Privacy Commissioner of Canada, and privately to affected individuals, if possible, or else be made public.

Also worth noting for all of you GDPR-watchers out there, one of the expressed objectives of the new regulations was to align Canadian law with new European requirements.

Doing business in Canada and want to understand what these new regulations mean to you? We’re happy to help you with this and any other privacy law question.

Tripp Stroud