Kelly Friedman and Tamara Hunter of DLA Piper write:
On September 2, 2017, the Government of Canada published proposed “Breach of Security Safeguards Regulations”. The proposed regulations relate to the provisions in Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), which are not yet in force. The PIPEDA provisions will require an organization to notify affected individuals, and report to the Office of the Privacy Commissioner of Canada (“OPC”), as soon as feasible, regarding any data breach which poses a “real risk of significant harm” to any individual whose personal information was involved in the breach. The breach provisions in PIPEDA specify that such notification and reporting must be done in accordance with regulations passed pursuant to PIPEDA. Representations on the proposed regulations may be submitted up to October 2, 2017.
Failure to notify the OPC of a security breach, as required by the PIPEDA provisions yet to come into force, is an offence, punishable by a fine of up to $100,000.
Read more on JDSupra.