On October 2, 2017, the Office of the Privacy Commissioner of Canada (OPCC) sent a letter to the Department of Innovation, Science and Economic Development regarding the proposed Breach of Security Safeguards Regulations that are proposed to be enacted pursuant to the Personal Information Protection and Electronic Documents Act. E-TIPS® Newsletter previously reported on the draft regulations being published in the Canada Gazette here.
The OPCC’s letter focuses on recommendations for the content of data breach reports and data breach record keeping requirements. The OPCC also commented on the time frame for bringing the new regulations into force, but stated only that it should be earlier than the 18 month period suggested by some other stakeholders.
The OPCC suggests that reports that are to be submitted to the Privacy Commissioner in the event of a data breach should include:
The OPCC also suggests that the record keeping requirement for any data breach should be increased from 24 months to 60 months, and should include records detailing:
Summary By: Michael House