Canada's Privacy Breach Notification Requirements Coming into Force
Canada’s Privacy Breach Notification Requirements Coming into Force
The provisions of Canada’s Digital Privacy Act dealing with privacy breach notification and breach record keeping (the “Provisions”) will come into force on November 1, 2018. Once in force, these Provisions will constitute a major change to Canada’s privacy law. For unknown reasons, the federal government made this announcement without fanfare or even a government press release.
The Digital Privacy Act was enacted in 2015, but the Provisions remained in limbo, not having been brought into force with the balance of the statute.
Summary of Provisions
In summary, the Provisions address several subjects:
Breach Notification
- Each organization will be required to report to the Privacy Commissioner of Canada any breach of security safeguards involving personal information under its control, if it is reasonable in the circumstances to believe the breach creates a real risk of significant harm to an individual.
- If this same test is met and unless otherwise prohibited by law, an organization will be required to notify an individual of any breach of security safeguards involving the individual’s personal information under the organization’s control.
- If an individual must be given such notice, the organization will also have to notify any other organization or government of the breach if the notifying organization believes the other organization or government may be able to reduce the risk of harm that could result from the breach or mitigate that harm.
- The form and content of such notices are to be prescribed in future regulations.
- These notifications must be given as soon as feasible after the organization determines the breach has occurred. The Canadian statute does not name a specific timeline, unlike the new European privacy regulation due to come into effect in May 2018.
Breach Record Keeping
- An organization will be required to keep and maintain a record of every breach of security safeguards involving personal information under its control, in accordance with regulations to be released in the future. Importantly, a record of all such breaches of security safeguards involving personal information will have to be made, not only those where there is a real risk of significant harm to an individual.
Whistleblowing
- Enhanced whistleblowing provisions will apply.
Authors
Insights
-
Financial Services Regulatory
Anti-Money Laundering Obligations for Factors, Cheque Cashers, and Financing/Leasing Entities; Declaration and Record Keeping Requirements for Traders
Recent amendments to regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the “PCMLTFA”) introduce anti-money laundering compliance obligations for factors, cheque… -
Banking and Financial Services
Canadian Securities Regulators Publish Temporary Exemptions For Derivatives Data Reporting Requirements
On February 20, 2025, the Canadian Securities Administrators (CSA) introduced temporary exemptions from certain derivative data reporting requirements relating to unique product identifiers for… -
Banking and Financial Services
Practical Law The Journal - Canadian Interest Rate Transition from CDOR to CORRA
The article, “Canadian Interest Rate Transition from CDOR to CORRA” authored by Michael Bertrand, has been republished in Practical Law The Journal, December 2024 Year in Review Issue.The article… -
Financial Services Regulatory
FINTRAC Advisory Concerning Financial Transactions Related to High-Risk Countries Identified by the FATF
On November 18, 2024, the Financial Transactions and Reports Analysis Centre (FINTRAC) issued an updated advisory (the “Advisory”) concerning financial transactions related to countries identified by… -
Acquisition Finance
In-Depth: Acquisition and Leveraged Finance - Edition 11 - Canada
David Nadler, David Wiseman, Dan Dedic, Caroline Descours, Cathy Costa-Faria, Chris Baxter and Zhiyao Chen have co-authored the Canada Chapter in Lexology's In-Depth: Acquisition and… -
Banking and Financial Services
Canadian Securities Regulators Publish Temporary Exemptions For Derivatives Data Reporting Requirements
On October 31, 2024, the Canadian Securities Administrators (CSA) introduced temporary relief from certain derivative data reporting requirements under the Trade Reporting Rules identified…
Featured Work
-
Mergers and Acquisitions
Andlauer Healthcare Group to be acquired by UPS
Goodmans LLP is acting for Andlauer Healthcare Group (“AHG”) in connection with a definitive arrangement agreement with affiliates of UPS under which UPS has agreed to acquire AHG via an all-cash… -
Aging and Health Care
Welltower winds down joint venture with Chartwell
Goodmans LLP acted for Welltower Inc. in connection to the winding down of its 11-year joint venture with Mississauga-based Chartwell Retirement Residences, which has seen them partner on the… -
Capital Markets
Northwest Healthcare Properties Real Estate Investment Trust announces inaugural unsecured debentures offering
Goodmans LLP advised Northwest Healthcare Properties REIT in connection with a private placement offering of $500 million aggregate principal amount of senior unsecured debentures of the REIT in two… -
Mining
Coeur Mining, Inc. acquires SilverCrest Metals Inc. at an implied equity value of approximately US$1.7 billion
Goodmans LLP acted as Canadian counsel to Coeur Mining, Inc. in connection with its acquisition of SilverCrest Metals Inc., whereby pursuant to a plan of arrangement Coeur acquired all of the issued… -
Mergers and Acquisitions
Apotex acquires CanPrev
Goodmans LLP acted for Apotex Inc. in connection with its acquisition of CanPrev, a leading Canadian provider of vitamins, supplements, and other natural health products… -
Restructuring
Comark Group’s restructuring proceedings
Goodmans LLP is counsel for Alvarez & Marsal Canada Inc. in its capacity as court-appointed monitor in the recognition proceedings of Comark Group under the Companies’ Creditors Arrangement Act…
News & Events
-
Banking and Financial Services
Goodmans Lawyers Once Again Recognized in the Lexpert Special Editions: Finance 2025 and Mergers and Acquisitions 2025
We are proud to announce the Lexpert Special Editions: Finance 2025 and Mergers and Acquisitions 2025 once again feature Goodmans lawyers among Canada's experts.Congratulations to… -
Aging and Health Care
The Canadian Legal Lexpert Directory 2025 Once Again Recognizes Goodmans
We are proud to announce Goodmans LLP continues to be recognized in the 2025 edition of The Canadian Legal Lexpert Directory.Congratulations to the 96 Goodmans lawyers recognized as leaders across… -
Banking and Financial Services
Chambers and Partners Once Again Honours Goodmans with Global Recognition
We are proud to announce Goodmans LLP continues to receive top-tier recognition from Chambers and Partners in the Chambers Global 2025 Guide released today.Recognition from Chambers and Partners is…