In a recent post, we discussed the Canadian Cabinet’s announcement that Canada’s new data breach regulations go into effect on November 1, 2018. Despite announcing the effective date, Canada had not yet finalized these regulations.  However, on April 18, 2018, Canada unveiled the Breach of Security Safeguard Regulations: SOR/2018-64 (“Regulations”).

To highlight some of the finer points, in order to trigger notification requirements, the Regulations require organizations to determine if a data breach poses a “real risk of significant harm” to any individual had their information accessed in the breach.  If an organization meets this harm threshold, then the affected organization must notify the Privacy Commissioner of Canada, as well as the affected individuals.  
Continue Reading Canada Releases New Data Breach Regulations

The Cabinet in Ottawa quietly proclaimed on March 26, 2018 that the official implementation date for Canada’s much-needed and long-awaited mandatory data breach notification laws will be November 1, 2018.  Oddly enough, the regulations regarding notification have not yet been finalized.  
Continue Reading Canada’s Data Breach Notification Law Goes Into Effect November 1, 2018