On November 1, 2018, as previously reported on in the E-TIPS® newsletter, the Personal Information Protection and Electronic Documents Act (PIPEDA)’s amendments establishing mandatory data breach reporting obligations set out in Division 1.1 of the statute come into effect.
The Office of the Privacy Commissioner of Canada (OPC) has published guidance to help businesses comply with the new requirements as well as a new reporting form to report privacy breaches. The final version of the guidance was developed following a public consultation through which the OPC received submissions from various sectors on a draft version.
Under the new regulations organizations subject to PIPEDA must:
For more information, please see the OPC’s news release announcing the new data breach reporting requirements.
Summary By: Jae Morris