PublicationPublication

Winter is coming: Preparing for Canada’s new mandatory federal data breach regulations

Lisa R. Lifshitz
Canadian Lawyer Online - IT Girl Column
 

After years of waiting, the countdown is on.

As of Nov. 1, 2018, organizations subject to the federal Personal Information Protection and Electronic Documents Act that experience a data breach (referred to in PIPEDA as a “breach of security safeguards”) involving personal information will be required to report the breach to the Privacy Commissioner of Canada if the breach poses a “real risk of significant harm” to individuals, notify the affected individuals and notify other third-party organizations and government institutions (or part of government institution) of the data breach if the notifying organization concludes that such notification may reduce the risk of harm that could result from the breach and keep robust records of all breaches.

This article was originally published in Canadian Lawyer Online. To read the full article, click here.

 

People

  • Chair of Torkin Manes' Technology and Privacy & Data Management Groups, Lisa practises exclusively in the areas of technology, privacy and cybersecurity law.

    View bio

    Lisa R. Lifshitz

    Partner and Chair, Technology and Privacy & Data Management Groups

Expertise