26 November 2024

New Regulations On Security Incidents By Certain Financial Institutions: Comparison Chart

Gowling WLG


Co-authored by Philippe Dalmau, Summer Law Student

On October 23, 2024, the Regulation respecting the management and reporting of information security incidents by certain financial institutions and by credit assessment agents (available in French only) was published. It will come into force in April 2025.

The regulation sets out a framework for the management and reporting of information security incidents for certain financial institutions and credit assessment agents that are subject to various enabling statutes, including:

  1. Insurers authorized under the Insurers Act (chapter A-32.1) and federations of mutual companies that are subject thereto.
  2. Federations and credit unions not members of a federation that are subject to the Act respecting financial services cooperatives (chapter C-67.3).
  3. Deposit institutions authorized under the Deposit Institutions and Deposit Protection Act (chapter I-13.2.2).
  4. Trust companies authorized under the Trust Companies and Savings Companies Act (chapter S-29.02).
  5. Credit assessment agents designated under the Credit Assessment Agents Act (chapter A-8.2).

This regulation, which specifically applies to institutions governed by the Autorité des marchés financiers, overlaps with the personal information requirements of the Act respecting the protection of personal information in the private sector (CQLR c P-39.1), which is overseen by the Commission d'accès à l'information du Québec.

To help organizations understand these two parallel regimes and support them in their compliance efforts, we have created a comparative chart highlighting the similarities, differences and potential sanctions. Download it now to access this essential and simplified overview.
