On November 17, 2020, the federal government introduced Bill C-11, An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts.
Tag: Data Breach
Reminder: Mandatory Data Breach Notification in Force on November 1, 2018
As we previously reported, as of November 1, 2018, the Personal Information Protection and Electronic Documents Act (PIPEDA) will require notification to affected individuals and the federal Office of the Privacy Commissioner (OPC) when a security incident involving personal information results in a “real risk of significant harm.” The supporting regulations published March 27, 2018…
PIPEDA Breach of Security Safeguards Regulations Published
Beginning November 1, 2018, the Personal Information Protection and Electronic Documents Act (PIPEDA) will require private sector organizations to provide notice to affected individuals and the federal Office of the Privacy Commissioner (OPC) when a security incident involving personal information results in a “real risk of significant harm.” The supporting regulations, Breach of Security Safeguards…
Mandatory Breach Notification Comes to Canada: What To Do About It
It’s been a long time coming, but we finally know that mandatory breach notification is coming to Canada. Beginning November 1, 2018, the Personal Information Protection and Electronic Documents Act (PIPEDA) will require notification to affected individuals and the federal Privacy Commissioner when a security incident involving personal information results in a “real risk of significant…
Ten Incident Response Tips – Part 1
Responding to a data security incident is as much art as science. Whatever size your organization and whatever risks you face, you should have a detailed incident response plan to guide the efforts of a defined incident response team…
Federal Privacy Commissioner Weighs In Against Sharing Details of Employee Discipline
In a recently released decision summary, the Office of the Privacy Commissioner of Canada (OPC) held that a bank acted properly in deciding not to tell the victim of unauthorized access precisely how it had punished its offending employee (Employee). The victim, the complainant in this case, was a neighbour of the Employee who happened…
Federal Government Consults on PIPEDA Data Breach Regulations
On March 4, 2016, the federal government posted Data Breach Notification and Reporting Regulations (Regulations) for public discussion. Amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) enacted by the Digital Privacy Act (Bill S-4) will, upon proclamation, require private sector organizations to notify the public in circumstances where security safeguards involving their…
Hicks Morley Information and Privacy Post – 2013
Dear Friends: It’s early October 2013, and here’s what’s on our minds. With great pleasure, we’ve released this year’s Information and Privacy Post – a review of 60 information management and privacy cases that caught our attention in the last year. We like the exercise of producing the Post because pulling together and organizing recent…
New Privacy Legislation in Manitoba
Organizations with operations in Manitoba need to be aware that the Manitoba Legislature has recently passed new privacy legislation that will apply to the private sector and, to a lesser degree, to the not-for-profit sector – The Personal Information Protection and Identity Theft Prevention Act (“PIPITPA” or the “Act”). PIPITPA will establish rules for the…
Reaching Out – Third Edition
Dear Friends, As we welcome back Spring, which finally seems to be taking hold, it presents an opportunity to do some spring cleaning and dust off common HR issues that bear review before we get too far into 2013. In the Spring edition of Reaching Out, Carolyn Cornford Greaves, an associate in our Toronto office…