Canadian Personal Information Security Breach Obligations – Preparing for Compliance

Commencing November 1, 2018, Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) will require an organization that suffers a “breach of security safeguards” involving personal information under its control to keep prescribed records of the breach and, if the breach presents a “real risk of significant harm to an individual”, to promptly report the breach to the Privacy Commissioner and give notice of the breach to affected individuals and certain other organizations and government institutions.

Preparing for compliance with the personal information security breach obligations may require significant effort, time and expense. Canadian organizations should now be taking steps to prepare for compliance.

To read our bulletin on this topic. click here.



This content has been updated on May 4, 2018 at 23 h 11 min.