BreachExchange mailing list archives
Canada: New data breach reporting requirements come into force this week
From: Destry Winant <destry () riskbasedsecurity com>
Date: Tue, 30 Oct 2018 11:06:57 -0500
http://www.poandpo.com/news_business/canada-new-data-breach-reporting-requirements-come-into-force-this-week-30102018547/ Businesses have new obligations under breach of security safeguards rules coming into force this week in Canada, says the federal Privacy Commissioner. Changes to Canada's federal private sector privacy law will require organizations to report certain breaches of security safeguards to the Commissioner's office and to notify those affected. "The number and frequency of significant data breaches over the past few years have proven there's a clear need for mandatory reporting," says Commissioner Daniel Therrien. "Mandatory breach reporting and notification will create an incentive for organizations to take security more seriously and bring enhanced transparency and accountability to how organizations manage personal information." The Office of the Privacy Commissioner of Canada has published guidance to help businesses comply with the new requirements as well as a new reporting form. The final version of the guidance was developed following a public consultation. The Commissioner's office received 20 submissions from various sectors on a draft version of the guidance. The Commissioner thanks those who provided their feedback. Under the new regulations for organizations subject to the Personal Information Protection and Electronic Documents Act, which come into force November 1, organizations must: - Report to the Privacy Commissioner's office any breach of security safeguards where it creates a "real risk of significant harm;" - Notify individuals affected by a breach of security safeguards where there is a real risk of significant harm; - Keep records of all breaches of security safeguards that affect the personal information under their control; and - Keep those records for two years. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Canada: New data breach reporting requirements come into force this week Destry Winant (Oct 31)