Canada's Privacy Breach Notification Requirements Coming into Force
Canada’s Privacy Breach Notification Requirements Coming into Force
The provisions of Canada’s Digital Privacy Act dealing with privacy breach notification and breach record keeping (the “Provisions”) will come into force on November 1, 2018. Once in force, these Provisions will constitute a major change to Canada’s privacy law. For unknown reasons, the federal government made this announcement without fanfare or even a government press release.
The Digital Privacy Act was enacted in 2015, but the Provisions remained in limbo, not having been brought into force with the balance of the statute.
Summary of Provisions
In summary, the Provisions address several subjects:
Breach Notification
- Each organization will be required to report to the Privacy Commissioner of Canada any breach of security safeguards involving personal information under its control, if it is reasonable in the circumstances to believe the breach creates a real risk of significant harm to an individual.
- If this same test is met and unless otherwise prohibited by law, an organization will be required to notify an individual of any breach of security safeguards involving the individual’s personal information under the organization’s control.
- If an individual must be given such notice, the organization will also have to notify any other organization or government of the breach if the notifying organization believes the other organization or government may be able to reduce the risk of harm that could result from the breach or mitigate that harm.
- The form and content of such notices are to be prescribed in future regulations.
- These notifications must be given as soon as feasible after the organization determines the breach has occurred. The Canadian statute does not name a specific timeline, unlike the new European privacy regulation due to come into effect in May 2018.
Breach Record Keeping
- An organization will be required to keep and maintain a record of every breach of security safeguards involving personal information under its control, in accordance with regulations to be released in the future. Importantly, a record of all such breaches of security safeguards involving personal information will have to be made, not only those where there is a real risk of significant harm to an individual.
Whistleblowing
- Enhanced whistleblowing provisions will apply.
Authors
Insights
-
Financial Services Regulatory
Canadian Securities Administrators Extend Compliance Deadline in Interim Approach to Value-Referenced Crypto Assets
On April 17, 2024, the Canadian Securities Administrators (CSA) provided an update to their interim approach in respect of “Value-Referenced Crypto Assets” (VRCAs), as set out in the CSA’s guidance in… -
Financial Services Regulatory
Obligations and Opportunity - Budget 2024’s Impact on the Blockchain Industry
As crypto-assets become subject to further regulation both domestically and globally, industry players find themselves presented not only with new obligations but also with new opportunities. Canada’s… -
Financial Services Regulatory
Budget 2024 Announces Additional Measures to Combat Financial Crime
In Budget 2024, the Government of Canada announced its intentions to amend the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), the Criminal Code, the Income Tax Act, and… -
Financial Services Regulatory
OSFI Releases New Framework to Modernize Financial Supervision
On February 8, 2024, the Office of the Superintendent of Financial Institutions (OSFI) announced a new framework (the “Framework”) for supervising federally regulated financial institutions (FRFIs… -
Financial Services Regulatory
The Bank of Canada Opens Consultation for Supervisory Guidelines
The Bank of Canada continues preparations for its supervision of payment service providers (PSPs) under the Retail Payment Activities Act (RPAA). The Bank has published draft supervisory guidelines… -
Financial Services Regulatory
Bank of Canada publishes guidance for registration under the Retail Payment Activities Act
As the November 1 – 15, 2024 window for registration of payment services providers (“PSPs”) approaches, the Bank of Canada (the “Bank”) has published guidance for PSPs determining: (i) whether the…
Featured Work
-
Tax
Cineplex announces comprehensive refinancing plan
Goodmans is acting for Cineplex Inc., a leading Canadian entertainment and media company, in connection with its announcement of a comprehensive refinancing plan to improve financial flexibility and… -
Mergers and Acquisitions
FASHIONPHILE acquires Two Authenticators Business
Goodmans LLP acted for FASHIONPHILE, LLC in connection with its purchase of the assets of Two Authenticators Inc… -
Mergers and Acquisitions
Gamut Capital Management acquires Extreme Reach
Goodmans LLP acted for Gamut Capital Management, L.P. (“Gamut”), a leading New York-based middle market private equity firm, in its acquisition of Extreme Reach, Inc. (“Extreme Reach” or “ER”) — a… -
Restructuring
MAV Beauty Brands Inc.'s Restructuring Proceedings
Goodmans LLP acts for Alvarez & Marsal Canada Inc. in respect of MAV Beauty Brands Inc., a publicly traded global hair care and personal care company focused on managing a diversified portfolio of… -
Mergers and Acquisitions
Group led by Michael Andlauer buys Ottawa Senators
Goodmans LLP acted for an entity controlled by Michael Andlauer in its purchase of the Ottawa Senators Hockey Club from the Melnyk Estate… -
Banking and Financial Services
Finastra Group $5.32 billion refinancing
Goodmans LLP acted for Finastra International Limited in the full refinancing of its existing credit facilities and restructuring of its capital structure…
News & Events
-
Banking and Financial Services
Goodmans Lawyers Recognized in the Lexpert Special Edition: Finance and M&A 2024
We are delighted to announce the Lexpert Special Edition: Finance and M&A 2024 once again features Goodmans lawyers among Canada's experts.Congratulations to our 33 featured lawyers:Alan… -
Banking and Financial Services
The Canadian Legal Lexpert Directory 2024 Continues to Recognize Goodmans
We are proud to announce Goodmans LLP has once again been recognized in the 2024 edition of The Canadian Legal Lexpert Directory.91 Goodmans lawyers have been recognized as top-tier in their… -
Banking and Financial Services
Chambers and Partners Continues to Honour Goodmans with Global Recognition
We are proud to announce Goodmans LLP has once again received top-tier recognition from Chambers and Partners in the Chambers Global 2024 Guide released today. Recognition from…