Hunton writes:
On October 29, 2018, the Office of the Privacy Commissioner of Canada (the “OPC”) released final guidance (“Final Guidance”) regarding how businesses may satisfy the reporting and record-keeping obligations under Canada’s new data breach reporting law. The law, effective November 1, 2018, requires organizations subject to the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) to (1) report to the OPC breaches of security safeguards involving personal information “that pose a real risk of significant harm” to individuals, (2) notify affected individuals of the breach and (3) keep records of every breach of security safeguards, regardless of whether or not there is a real risk of significant harm.
Read more on Privacy & Information Security Law Blog.