On November 11, 2018, changes to section 10.1 of the Personal Information Protection and Electronic Documents Act, SC 2000, c 5 (PIPEDA) came into force. In cases where a breach of security safeguards affecting personal information creates a real risk of significant harm to the individual, PIPEDA now requires organizations that hold an individual’s personal information to notify that individual in the event of a breach. Recently, the Office of the Privacy Commissioner of Canada (OPC), published advice to individuals on what to do when they receive a breach notification.

Once an organization conducts risks assessments and determines that a breach poses a real risk of significant harm, the organization must contact and notify the individual as soon as feasible, and give the individual easy-to-understand information. The OPC has established the following guidelines for individuals:

  1. Read the notice carefully: The notice will provide the individual with information about the breach and how they can reduce their risks of harm.
  2. Keep the breach notification in a safe place: The information found in the notice may be of importance later on.
  3. Change your password: This applies not only for any passwords that may be linked to the breach, but also when the same password is used for different accounts.
  4. Monitor affected accounts: This is especially important if the breach involves sensitive information like financial information.
  5. Ask questions and stay vigilant: If there are questions regarding a breach, contact the organization through the contact information provided in the breach notification. Bad actors may not act right away, so it is important to take precautions to continuously protect one’s personal information.

Summary By: Alessia Monastero


19 10 02

Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.

E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.