Chiara Trinidad writes:
What laws govern data breaches in Canada?
Data breach notification law is governed by the Personal Information and Electronic Documents Act (PIPEDA). This federal law regulates the handling of personal information during commercial transactions. This includes the collection, use, and disclosure of personal data. By extension, this also includes the storage of information while in use.
What constitutes a data breach in Canada?
In simple terms, a data breach happens when there’s disclosure of personal information to unauthorized third parties. A common scenario is during a cyberattack when a group breaches security policies to steal personal information. However, it can also happen if an unauthorized member of an organization accesses or discloses personal information.
When PIPEDA says personal information, it refers to:
- name, age, marital status, nationality, race, ethnic origin
- income and financial information
- employment history, employee files, ID number
- medical history, blood type, DNA
- educational history
- Social Insurance Number
- driver’s licence
- opinions and evaluations
- credit records
- loan records
The unauthorized disclosure of any of this information will trigger data breach notification law.
Read more at Lexpert.