Canada's new privacy rule and recommended actions
Organizations should start now to get ready for Canada’s new privacy breach notification rules, say experts.
The new regulations require organizations to notify individuals and Canada’s Privacy Commissioner of all security breaches that could result in a “real risk of significant harm” to an individual. The regulations, under the Personal Information Protection and Electronics Documents Act (PIPEDA), come into effect on November 1. They apply to all companies, except those in British Columbia, Alberta and Quebec, which have their own privacy laws.
“It’s more than a subtle change,” said Scott Smith, senior director, Intellectual Property & Innovation Policy, Canadian Chamber of Commerce. “Every breach, whether significant or not, must be recorded.”
If a recent survey by the Privacy Commissioner’s office is any indication, many Canadian businesses have a lot of work to do to comply with the rules. It found that only four in 10 businesses have policies or procedures in place to deal with a breach involving the personal information of their customers.
Read the full article for guidance on how to get started.