Skip to content

Brought to you by

Dentons logo

Privacy and Cybersecurity Law

Coverage and commentary on developments in data protection.

open menu close menu

Privacy and Cybersecurity Law

  • Home
  • About Us

Mark your calendars: Mandatory data-breach notification rules come into force November 1

By Anca Sattler
April 4, 2018
  • Canada
  • Data Breach
  • Enforcement
  • New and Proposed Laws
Share on Facebook Share on Twitter Share via email Share on LinkedIn

The federal government released an Order in Council, dated March 26, 2018, announcing that the mandatory data-breach notification rules will come into force on November 1, on the recommendation of Navdeep Bains, Minister of Industry, Science and Economic Development.

After nearly three years, sections 10, 11, and 14, subsections 17(1) and (4) and sections 19 and 22 to 25 of the Digital Privacy Act, Chapter 32 will come into effect to amend the Personal Information Protection and Electronic Documents Act (PIPEDA). The federal government released the proposed breach reporting rules in September 2017 and advised at that time that the proposed regulations will be delayed coming into force after their publications, meant to “give regulated organizations time to adjust their policies and procedures accordingly and ensure that systems are in place to track and record all breaches of security safeguards that they experience.”

With the amendment, PIPEDA will contain provisions requiring organizations to notify affected individuals and organizations of breaches of security safeguards that create a real risk of significant harm and to report them to the Privacy Commissioner. It also creates offences in relation to the contravention of certain obligations respecting breaches of security safeguards. Among the changes, the new rules will also give the privacy commissioner the power to enter into a “compliance agreement” with an organization in certain circumstance to ensure the organization’s compliance with PIPEDA.

Stay tuned for further updates.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Anca Sattler

About Anca Sattler

Anca Sattler is a senior associate at Dentons, working with three of the Firm’s high-profile practice groups: International Trade, Privacy and Security, and Litigation and Dispute Resolution. Based in Ottawa, Anca has extensive experience in international trade and investment, privacy and data protection, as well as commercial litigation. She has lived in Canada, the US and Europe, and can work in five languages, enabling her to apply a true global perspective to her work.

All posts Full bio

RELATED POSTS

  • Canada
  • Marketing, Cookies & Spam
  • United States

How Canada’s Anti-Spam Enforcers will Cooperate, Coordinate, Share Information

Canada’s Anti-Spam Legislation (CASL) brings with it new legal violations and penalties, some of which become effective as of July 1, 2014.   […]

By Margot Patterson
  • New and Proposed Laws

Five Key Messages from our Data Protection Regulation Update

Firstly, many thanks to those of you who joined us at our legal update seminar last week on the Data […]

By Nick Graham
  • New and Proposed Laws
  • Privacy Rights

“Explicit consent” under the new Data Protection Regulation

The new EU Data Protection Regulation redefines consent of individuals.  No longer, will it be sufficient for consents to be […]

By Nick Graham

About Dentons

Dentons is designed to be different. As the world’s largest law firm with 20,000 professionals in over 200 locations in more than 80 countries, we can help you grow, protect, operate and finance your business. Our polycentric and purpose-driven approach, together with our commitment to inclusion, diversity, equity and ESG, ensures we challenge the status quo to stay focused on what matters most to you. www.dentons.com

Dentons boilerplate image

Twitter

Categories

  • Accountability
  • Asia Pacific
  • Canada
  • Cloud Computing
  • Consumer Protection
  • Cybersecurity
  • Data Breach
  • Data Transfers
  • Employee Privacy
  • Enforcement
  • Europe
  • General
  • Government Information
  • Health Information Privacy
  • Latin America
  • Marketing, Cookies & Spam
  • New and Proposed Laws
  • Privacy Notices
  • Privacy Rights
  • Record Retention
  • Smart Cities
  • United Kingdom
  • United States

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2022 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site