Canada:
Canada's Mandatory Data Breach Notification Law Goes Into Effect
08 January 2019
by
Jeremy S. Close
,
Meredith Collier
,
David R. Coogan
,
Jennifer Everett
,
Robert Levent Hergüner
,
Richard Johnson
,
Laura Lim
,
Christopher Markham
,
Daniel McLoon
,
Mary Alexander Myers
,
Mauricio Paez
and
Nicole Perry
Jones Day
To print this article, all you need is to be registered or login on Mondaq.com.
On November 1, Canada's Breach of Security Safeguards
Regulations went into effect, implementing the Personal Information
Protection and Electronic Documents Act, known as
"PIPEDA." The regulations provide the requirements for
mandatory data breach notification to affected individuals and the
Office of the Privacy Commissioner if a breach poses a real risk of
significant harm to individuals. Companies also must maintain a
record of every security incident for 24 months. Companies are
subject to potential penalties of CAD$100,000 for failure to make
notifications or maintain records.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Privacy from Canada
Do You Collect IP Addresses? Here Are Three Things You Must Do
MLT Aikins LLP
In a landmark ruling, the Supreme Court of Canada in R. v. Bykovets, 2024 SCC 6, confirmed that Canadians' IP addresses are private, mandating law enforcement to obtain a search warrant for access, as well as setting a precedent ...