On November 11, 2018, changes to section 10.1 of the Personal Information Protection and Electronic Documents Act, SC 2000, c 5 (PIPEDA) came into force. In cases where a breach of security safeguards affecting personal information creates a real risk of significant harm to the individual, PIPEDA now requires organizations that hold an individual’s personal information to notify that individual in the event of a breach. Recently, the Office of the Privacy Commissioner of Canada (OPC), published advice to individuals on what to do when they receive a breach notification.
Once an organization conducts risks assessments and determines that a breach poses a real risk of significant harm, the organization must contact and notify the individual as soon as feasible, and give the individual easy-to-understand information. The OPC has established the following guidelines for individuals:
Summary By: Alessia Monastero
Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.
E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.