Starting November 1, 2018, companies governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) will be required to report data breaches to affected customers, third parties and the federal Privacy Commissioner. The Office of the Privacy Commissioner (OPC) has prepared draft guidance in order to help businesses comply with these new mandatory breach reporting requirements.

PIPEDA’s Breach of Security Safeguards Regulations were published for consultation on September 2, 2017, as previously reported on in E-TIPS®, with the final version published in April 2018. In brief, these regulations require that an organization experiencing a data breach posing “a real risk of significant harm” to any individual whose personal information is involved:

  1. report the breach to the Privacy Commissioner;
  2. notify affected individuals about the breach; and
  3. maintain records of the breach.

The OPC understands that organizations will require additional guidance in order to fully comply with these new obligations and has accordingly prepared draft guidance and a draft breach reporting form for public consultation. Final versions of the guidance and reporting form are to be published shortly. For more information, please see the OPC’s website.

Summary By: Jae Morris


18 10 03

Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.

E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.