Canada's Privacy Breach Notification Requirements Coming into Force
Canada’s Privacy Breach Notification Requirements Coming into Force
The provisions of Canada’s Digital Privacy Act dealing with privacy breach notification and breach record keeping (the “Provisions”) will come into force on November 1, 2018. Once in force, these Provisions will constitute a major change to Canada’s privacy law. For unknown reasons, the federal government made this announcement without fanfare or even a government press release.
The Digital Privacy Act was enacted in 2015, but the Provisions remained in limbo, not having been brought into force with the balance of the statute.
Summary of Provisions
In summary, the Provisions address several subjects:
Breach Notification
- Each organization will be required to report to the Privacy Commissioner of Canada any breach of security safeguards involving personal information under its control, if it is reasonable in the circumstances to believe the breach creates a real risk of significant harm to an individual.
- If this same test is met and unless otherwise prohibited by law, an organization will be required to notify an individual of any breach of security safeguards involving the individual’s personal information under the organization’s control.
- If an individual must be given such notice, the organization will also have to notify any other organization or government of the breach if the notifying organization believes the other organization or government may be able to reduce the risk of harm that could result from the breach or mitigate that harm.
- The form and content of such notices are to be prescribed in future regulations.
- These notifications must be given as soon as feasible after the organization determines the breach has occurred. The Canadian statute does not name a specific timeline, unlike the new European privacy regulation due to come into effect in May 2018.
Breach Record Keeping
- An organization will be required to keep and maintain a record of every breach of security safeguards involving personal information under its control, in accordance with regulations to be released in the future. Importantly, a record of all such breaches of security safeguards involving personal information will have to be made, not only those where there is a real risk of significant harm to an individual.
Whistleblowing
- Enhanced whistleblowing provisions will apply.
Authors
Insights
-
Financial Services Regulatory
In-Depth: Securitisation Law - Edition 6 - Canada Chapter
Francesca Guolo, Brian Empey, and Jon Northup co-authored the Canada Chapter in Lexology's In-Depth: Securitisation Law - Edition 6. The sixth edition of The Securitisation Law Review… -
Financial Services Regulatory
Anti-Money Laundering Obligations for Factors, Cheque Cashers, and Financing/Leasing Entities; Declaration and Record Keeping Requirements for Traders
Recent amendments to regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the “PCMLTFA”) introduce anti-money laundering compliance obligations for factors, cheque… -
Banking and Financial Services
Canadian Securities Regulators Publish Temporary Exemptions For Derivatives Data Reporting Requirements
On February 20, 2025, the Canadian Securities Administrators (CSA) introduced temporary exemptions from certain derivative data reporting requirements relating to unique product identifiers for… -
Banking and Financial Services
Practical Law The Journal - Canadian Interest Rate Transition from CDOR to CORRA
The article, “Canadian Interest Rate Transition from CDOR to CORRA” authored by Michael Bertrand, has been republished in Practical Law The Journal, December 2024 Year in Review Issue.The article… -
Financial Services Regulatory
FINTRAC Advisory Concerning Financial Transactions Related to High-Risk Countries Identified by the FATF
On November 18, 2024, the Financial Transactions and Reports Analysis Centre (FINTRAC) issued an updated advisory (the “Advisory”) concerning financial transactions related to countries identified by… -
Acquisition Finance
In-Depth: Acquisition and Leveraged Finance - Edition 11 - Canada
David Nadler, David Wiseman, Dan Dedic, Caroline Descours, Cathy Costa-Faria, Chris Baxter and Zhiyao Chen have co-authored the Canada Chapter in Lexology's In-Depth: Acquisition and…
Featured Work
-
Private Equity and Venture Capital
OMERS sells majority interest in CEDA to Hillcore Group
Goodmans LLP advised OMERS Private Equity Inc., a subsidiary of OMERS, in connection with the sale of its majority interest in CEDA to Hillcore Group… -
Capital Markets
Oxford Properties Group Trust announces C$700 million dual-tranche Senior Unsecured Notes offering
Goodmans LLP acted for CIBC Capital Markets, TD Capital Markets, RBC Capital Markets and the agents in connection with their role as ratings advisors and agents for a C$700 million dual-tranche senior… -
Restructuring
Sherritt International Corporation completes CBCA Notes Exchange Transaction and Subsequent Exchange Transaction
Goodmans LLP acted for Sherritt International Corporation in connection with its CBCA Transaction and Subsequent Exchange Transaction… -
REITS and Income Securities
InterRent REIT to be acquired by consortium that includes CLV Group in partnership with GIC in $4 billion all-cash transaction
Goodmans LLP is acting for a consortium that includes CLV Group Inc. in partnership with GIC in connection with the acquisition of InterRent REIT, whereby pursuant to a plan of arrangement a newly… -
Energy
Carlyle launches new renewables platform with Amp Energy carve-outs
Goodmans LLP acted for Amp Energy in connection with the carve-out of its Australian and UK portfolios of power generation and storage assets by global investment firm, Carlyle… -
Mergers and Acquisitions
Onex to sell WestJet stakes to Delta and Korean Air
Goodmans LLP is advising WestJet Airlines Ltd. and its controlling shareholder, Onex Corporation, in connection with the sale of Onex’s minority stakes in WestJet to Delta Air Lines and Korean Air…
News & Events
-
Banking and Financial Services
Goodmans Lawyers Once Again Recognized in the Lexpert Special Editions: Finance 2025 and Mergers and Acquisitions 2025
We are proud to announce the Lexpert Special Editions: Finance 2025 and Mergers and Acquisitions 2025 once again feature Goodmans lawyers among Canada's experts.Congratulations to… -
Banking and Financial Services
Francesca Guolo at the IIAC’s Short Sales: Meeting a Reasonable Expectation to Settle Webinar
On March 24th, Goodmans partner Francesca Guolo spoke at the webinar, “Short Sales: Meeting a Reasonable Expectation to Settle” held by the Investment Industry Association of Canada. The webinar… -
Aging and Health Care
The Canadian Legal Lexpert Directory 2025 Once Again Recognizes Goodmans
We are proud to announce Goodmans LLP continues to be recognized in the 2025 edition of The Canadian Legal Lexpert Directory.Congratulations to the 96 Goodmans lawyers recognized as leaders across…