New Rules Will Force Canadian Companies To Disclose Data Breaches

From the “it’s about time” department comes news that new rules kick in today that force Canadian companies to disclose data breaches:

Under the new regulations for organizations subject to the Personal Information Protection and Electronic Documents Act, which come into force November 1, organizations must:

  • Report to the Privacy Commissioner’s office any breach of security safeguards where it creates a “real risk of significant harm;”
  • Notify individuals affected by a breach of security safeguards where there is a real risk of significant harm;
  • Keep records of all breaches of security safeguards that affect the personal information under their control; and
  • Keep those records for two years.

The Office of the Privacy Commissioner of Canada has published guidance to help businesses comply with the new requirements as well as a new reporting form.

Now, by no means is this perfect, and even the Privacy Commissioner admits that. But it is a step in the right direction, as companies need to be fully transparent and held fully accountable for any data breaches that may take place. It may also force them to take steps to avoid being on the wrong side of a data breach headline.

One Response to “New Rules Will Force Canadian Companies To Disclose Data Breaches”

  1. […] you should report this to the Canadian Privacy Commissioner because as of November 1st, companies are legally required to report this sort of thing. Clearly they don’t want to do that and thus deserve to be smacked […]
