skip to main content
Oct 15, 2018

Winter is coming: Preparing for Canada’s new mandatory federal data breach regulations

By Lisa R. Lifshitz
Canadian Lawyer Online - IT Girl Column View original

After years of waiting, the countdown is on.

As of Nov. 1, 2018, organizations subject to the federal Personal Information Protection and Electronic Documents Act that experience a data breach (referred to in PIPEDA as a “breach of security safeguards”) involving personal information will be required to report the breach to the Privacy Commissioner of Canada if the breach poses a “real risk of significant harm” to individuals, notify the affected individuals and notify other third-party organizations and government institutions (or part of government institution) of the data breach if the notifying organization concludes that such notification may reduce the risk of harm that could result from the breach and keep robust records of all breaches.

This article was originally published in Canadian Lawyer Online. To read the full article, click here.