The Office of the Privacy Commissioner of Canada (OPC) recently released official guidance for reporting data breaches pursuant to Canada’s new data breach reporting law. A change in Canada’s law, effective November 1st, requires companies subject to Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) to report data breaches in certain instances and keep records of all breaches. The guidance relates to how to determine what breaches must be reported to the OPC, and what kind of notice you need to give individuals. The guidance also relates to the obligation to keep records of breaches and what information needs to be included.
Qualifying a Reportable Breach
A “breach of security safeguards” refers to the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of a company’s security safeguards or a failure to establish security safeguards. Continue reading New Data Breach Reporting Requirements in Canada