Canada’s Privacy Breach Notification Requirements Coming into Force
The provisions of Canada’s Digital Privacy Act dealing with privacy breach notification and breach record keeping (the “Provisions”) will come into force on November 1, 2018. Once in force, these Provisions will constitute a major change to Canada’s privacy law. For unknown reasons, the federal government made this announcement without fanfare or even a government press release.
The Digital Privacy Act was enacted in 2015, but the Provisions remained in limbo, not having been brought into force with the balance of the statute.
Summary of Provisions
In summary, the Provisions address several subjects:
- Each organization will be required to report to the Privacy Commissioner of Canada any breach of security safeguards involving personal information under its control, if it is reasonable in the circumstances to believe the breach creates a real risk of significant harm to an individual.
- If this same test is met and unless otherwise prohibited by law, an organization will be required to notify an individual of any breach of security safeguards involving the individual’s personal information under the organization’s control.
- If an individual must be given such notice, the organization will also have to notify any other organization or government of the breach if the notifying organization believes the other organization or government may be able to reduce the risk of harm that could result from the breach or mitigate that harm.
- The form and content of such notices are to be prescribed in future regulations.
- These notifications must be given as soon as feasible after the organization determines the breach has occurred. The Canadian statute does not name a specific timeline, unlike the new European privacy regulation due to come into effect in May 2018.
Breach Record Keeping
- An organization will be required to keep and maintain a record of every breach of security safeguards involving personal information under its control, in accordance with regulations to be released in the future. Importantly, a record of all such breaches of security safeguards involving personal information will have to be made, not only those where there is a real risk of significant harm to an individual.
- Enhanced whistleblowing provisions will apply.
Financial Services Regulatory
FINTRAC Advisory Concerning Financial Transactions Related to High-Risk Countries Identified by FATFOn November 20, 2023, the Financial Transactions and Reports Analysis Centre (FINTRAC) issued an updated advisory (the “Advisory”) concerning financial transactions related to countries…
Capital MarketsOn November 16, 2023, the Canadian Securities Administrator (CSA) and the Investment Industry Regulatory Organization of Canada (now, the Canadian Investment Regulatory Association) (CIRO) published a…
TaxOn November 2, 2023, the Canada Revenue Agency (CRA) answered a series of questions as part of the Association de planification fiscal et financière’s annual conference in Quebec City that may have…
Financial Services Regulatory
FINTRAC to Implement New Mortgage Sector Obligations, Stronger Correspondent Banking Obligations and a New Funding ModelThe Government of Canada published regulations that will create new obligations for the mortgage sector, strengthen correspondent banking relationship requirements, and shift the funding of the…
Canadian Securities Administrators Announce Guidance on Trading of Value-Referenced Crypto Assets for Crypto Trading PlatformsOn October 5, 2023, the Canadian Securities Administrators (CSA) published Staff Notice 21-333 – Crypto Asset Trading Platforms: Terms and Conditions for Trading Value-Referenced Crypto Assets with…
Banking and Financial ServicesOn September 28, 2023, the securities regulatory authorities of each of the provinces and territories, other than British Columbia, published Multilateral Instrument 93-101 Derivatives: Business…
Mergers and AcquisitionsGoodmans LLP acted for an entity controlled by Michael Andlauer in its purchase of the Ottawa Senators Hockey Club from the Melnyk Estate…
RestructuringGoodmans LLP is counsel for Ernst & Young Inc. (“EY”) in its capacity as court-appointed information officer (the “Information Officer”) in the recognition proceedings of Instant Brands Inc…
Mergers and AcquisitionsGoodmans LLP advised Classic Fire + Life Safety, a McCain Capital Partners portfolio company, in its expansion into Western Canada through the acquisitions of Legacy Fire Protection, Photon Electric…
RestructuringGoodmans LLP acted as co-counsel to the Term Loan Lenders to Stoneway Capital Corporation in its proceedings before the Ontario Superior Court of Justice (Commercial List) to implement a pre-arranged…
MiningGoodmans LLP acted for Hudbay Minerals Inc. in the closing of its previously announced court-approved plan of arrangement with Copper Mountain Mining Corporation, pursuant to which Hudbay has acquired…
Mergers and AcquisitionsGoodmans LLP is acting for Gamut Capital Management, L.P. (“Gamut”), a leading New York-based middle market private equity firm, in its definitive agreement to acquire Extreme Reach, Inc. (“Extreme…
News & Events
Banking and Financial ServicesWe are pleased to share Goodmans lawyers have been recognized across Who's Who Legal's National Guide: Canada 2023. WWL National Guides identify national or regional leaders in a sector, industry…
Banking and Financial ServicesWe are pleased to announce Goodmans LLP has once again received top tier recognition from The Legal 500 Canada in their 2024 Guide released today. Recognition from The Legal 500 is based on…
Banking and Financial ServicesWe’re pleased to announce Goodmans was once again named to The Globe and Mail’s Canada’s Best Law Firms list, recognizing us as one of the country’s best law firms for 2024.Goodmans was…