New Mandatory Data Breach Reporting Requirements Become Effective for Companies Doing Business in Canada

November 12, 2018

On November 1, 2018, the Canadian Digital Privacy Act came into effect.

The Act, passed on June 18, 2015, modified the data breach obligations for companies subject to the Personal Information Protection and Electronic Documents Act by introducing three new requirements in the event of certain data breaches:  reporting to the Canadian Office of the Privacy Commissioner, notification to the affected individuals, and recordkeeping obligations.  Below, we discuss these requirements and recent guidance provided by the OPC, and explore some implications for companies subject to PIPEDA.

Click here, to continue reading on the Cleary Cybersecurity and Privacy Watch blog.