After years of waiting, the countdown is on.
As of Nov. 1, 2018, organizations subject to the federal Personal Information Protection and Electronic Documents Act that experience a data breach (referred to in PIPEDA as a "breach of security safeguards") involving personal information will be required to report the breach to the Privacy Commissioner of Canada if the breach poses a "real risk of significant harm" to individuals, notify the affected individuals and notify other third-party organizations and government institutions (or part of government institution) of the data breach if the notifying organization concludes that such notification may reduce the risk of harm that could result from the breach and keep robust records of all breaches.
This article was originally published in Canadian Lawyer Online. To read the full article, click here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.