The Digital Privacy Act (DPA), which received Royal Assent on June 18, 2015, amended the Personal Information Protection and Electronic Documents Act (PIPEDA) in a number of ways.  Among the changes is the establishment of federal data breach notification requirements.  Organizations that experience a data breach that would create a reasonable belief of a real risk of significant harm to an individual will be required to:

  • report the data breach to the Privacy Commissioner of Canada;
  • notify those individuals at real risk of significant harm from the data breach;
  • notify any other organizations that may be in a position to mitigate the harm caused by the data breach; and
  • maintain a record of all data breaches involving personal information experienced by the organization (DPA, Section 10.3(1)).

The data breach notification requirements will come into force after Parliament enacts related regulations.  In a recently published consultation paper, the Government of Canada has invited interested stakeholders to provide written submissions to the Privacy and Data Protection Directorate relating to the forthcoming regulations.  Submissions must be received by May 31, 2016.  Specifically, the Government of Canada is seeking input relating to:

  • the factors used to determine a “real risk of significant harm”;
  • the form and content of a data breach report;
  • the form, manner and content of data breach notifications to individuals and organizations;
  • the record keeping obligations of organizations that experience a data breach; and
  • any other issues that should be considered when drafting the regulations.

E-TIPS® ISSUE

16 04 06

Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.

E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.