Canada's Privacy Breach Notification Requirements Coming into Force
Canada’s Privacy Breach Notification Requirements Coming into Force
The provisions of Canada’s Digital Privacy Act dealing with privacy breach notification and breach record keeping (the “Provisions”) will come into force on November 1, 2018. Once in force, these Provisions will constitute a major change to Canada’s privacy law. For unknown reasons, the federal government made this announcement without fanfare or even a government press release.
The Digital Privacy Act was enacted in 2015, but the Provisions remained in limbo, not having been brought into force with the balance of the statute.
Summary of Provisions
In summary, the Provisions address several subjects:
Breach Notification
- Each organization will be required to report to the Privacy Commissioner of Canada any breach of security safeguards involving personal information under its control, if it is reasonable in the circumstances to believe the breach creates a real risk of significant harm to an individual.
- If this same test is met and unless otherwise prohibited by law, an organization will be required to notify an individual of any breach of security safeguards involving the individual’s personal information under the organization’s control.
- If an individual must be given such notice, the organization will also have to notify any other organization or government of the breach if the notifying organization believes the other organization or government may be able to reduce the risk of harm that could result from the breach or mitigate that harm.
- The form and content of such notices are to be prescribed in future regulations.
- These notifications must be given as soon as feasible after the organization determines the breach has occurred. The Canadian statute does not name a specific timeline, unlike the new European privacy regulation due to come into effect in May 2018.
Breach Record Keeping
- An organization will be required to keep and maintain a record of every breach of security safeguards involving personal information under its control, in accordance with regulations to be released in the future. Importantly, a record of all such breaches of security safeguards involving personal information will have to be made, not only those where there is a real risk of significant harm to an individual.
Whistleblowing
- Enhanced whistleblowing provisions will apply.
Authors
Insights
-
Financial Services Regulatory
In-Depth: Securitisation Law - Edition 6 - Canada Chapter
Francesca Guolo, Brian Empey, and Jon Northup co-authored the Canada Chapter in Lexology's In-Depth: Securitisation Law - Edition 6. The sixth edition of The Securitisation Law Review… -
Financial Services Regulatory
Anti-Money Laundering Obligations for Factors, Cheque Cashers, and Financing/Leasing Entities; Declaration and Record Keeping Requirements for Traders
Recent amendments to regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the “PCMLTFA”) introduce anti-money laundering compliance obligations for factors, cheque… -
Banking and Financial Services
Canadian Securities Regulators Publish Temporary Exemptions For Derivatives Data Reporting Requirements
On February 20, 2025, the Canadian Securities Administrators (CSA) introduced temporary exemptions from certain derivative data reporting requirements relating to unique product identifiers for… -
Banking and Financial Services
Practical Law The Journal - Canadian Interest Rate Transition from CDOR to CORRA
The article, “Canadian Interest Rate Transition from CDOR to CORRA” authored by Michael Bertrand, has been republished in Practical Law The Journal, December 2024 Year in Review Issue.The article… -
Financial Services Regulatory
FINTRAC Advisory Concerning Financial Transactions Related to High-Risk Countries Identified by the FATF
On November 18, 2024, the Financial Transactions and Reports Analysis Centre (FINTRAC) issued an updated advisory (the “Advisory”) concerning financial transactions related to countries identified by… -
Acquisition Finance
In-Depth: Acquisition and Leveraged Finance - Edition 11 - Canada
David Nadler, David Wiseman, Dan Dedic, Caroline Descours, Cathy Costa-Faria, Chris Baxter and Zhiyao Chen have co-authored the Canada Chapter in Lexology's In-Depth: Acquisition and…
Featured Work
-
Mergers and Acquisitions
Onex to sell WestJet stakes to Delta and Korean Air
Goodmans LLP is advising WestJet Airlines Ltd. and its controlling shareholder, Onex Corporation, in the sale of Onex’s minority stakes in WestJet to Delta Air Lines and Korean Air… -
Banking and Financial Services
Docebo Inc. enters into new revolving operating credit facility
Goodmans advised Docebo Inc. in connection with a new revolving operating credit facility with National Bank of Canada… -
Communications and Media
PSP Investments and BCE Inc. announce strategic partnership to create Network FiberCo
Goodmans LLP is acting as Canadian counsel to the Public Sector Pension Investment Board (“PSP Investments”) in connection with the formation of Network FiberCo, a long-term strategic partnership with… -
Restructuring
Endo International plc completes global restructuring
Goodmans LLP acted as Canadian legal counsel to the Endo Group (or the “Company”) in connection with its restructuring initiatives, transaction matters, negotiated resolutions with Canadian… -
Restructuring
Xplore completes CBCA recapitalization and restructures satellite business through RVO
Goodmans LLP acted as Canadian legal counsel to Xplore Inc. in connection with its recapitalization, restructuring, financing, regulatory, governance and business initiatives, including its review of… -
Mergers and Acquisitions
Andlauer Healthcare Group to be acquired by UPS
Goodmans LLP is acting for Andlauer Healthcare Group (“AHG”) in connection with a definitive arrangement agreement with affiliates of UPS under which UPS has agreed to acquire AHG via an all-cash…
News & Events
-
Banking and Financial Services
Goodmans Lawyers Once Again Recognized in the Lexpert Special Editions: Finance 2025 and Mergers and Acquisitions 2025
We are proud to announce the Lexpert Special Editions: Finance 2025 and Mergers and Acquisitions 2025 once again feature Goodmans lawyers among Canada's experts.Congratulations to… -
Banking and Financial Services
Francesca Guolo at the IIAC’s Short Sales: Meeting a Reasonable Expectation to Settle Webinar
On March 24th, Goodmans partner Francesca Guolo spoke at the webinar, “Short Sales: Meeting a Reasonable Expectation to Settle” held by the Investment Industry Association of Canada. The webinar… -
Aging and Health Care
The Canadian Legal Lexpert Directory 2025 Once Again Recognizes Goodmans
We are proud to announce Goodmans LLP continues to be recognized in the 2025 edition of The Canadian Legal Lexpert Directory.Congratulations to the 96 Goodmans lawyers recognized as leaders across…