The Digital Privacy Act (DPA), which received Royal Assent on June 18, 2015, amended the Personal Information Protection and Electronic Documents Act (PIPEDA) in a number of ways. Among the changes is the establishment of federal data breach notification requirements. Organizations that experience a data breach that would create a reasonable belief of a real risk of significant harm to an individual will be required to:
The data breach notification requirements will come into force after Parliament enacts related regulations. In a recently published consultation paper, the Government of Canada has invited interested stakeholders to provide written submissions to the Privacy and Data Protection Directorate relating to the forthcoming regulations. Submissions must be received by May 31, 2016. Specifically, the Government of Canada is seeking input relating to:
Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.
E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.