Canada's Privacy Commissioner Releases New Guidance on Data Breach Notifications

Organizations hit by a privacy breach (that meets certain conditions) must now notify affected individuals and the Office of the Privacy Commissioner. Recently, the Privacy Commissioner released new guidance targeted at informing individuals on what they should expect and what they should do after receiving a data breach notification, along with an important reminder for businesses.
Categories: Business Insights
Nov 7th, 2019 | By: CapriCMW

As we previously covered in our blog post PIPEDA's Breach Reporting Requirements Come into Effect on November 1, 2018, federal requirements on privacy breach reporting came into effect last year. In accordance with this update to the Personal Information Protection and Electronic Documents Act (PIPEDA), organizations hit by a privacy breach (that meets certain conditions) must now notify affected individuals and the Office of the Privacy Commissioner. Recently, the Privacy Commissioner released new guidance targeted at informing individuals on what they should expect and what they should do after receiving a data breach notification. There is also an important takeaway for businesses regarding how they fulfill their obligations following a breach.

For Individuals

The latest guidance reaffirms what affected individuals should expect from a breach notification by an organization:

  • They must be contacted as soon as feasible, either directly or indirectly (under certain specific circumstances).
  • Indirect notification must be issued through a public announcement that is reasonably likely to reach affected individuals.
  • The information in the notification should be easy to understand.

When read with the wording of PIPEDA itself, the notification should be easy to understand and contain sufficient information to explain the extent, significance and consequences of the breach. 

Additionally, a notification must include:

  • a description of the personal information that was exposed
  • steps taken to minimize the risk of harm
  • steps that affected individuals can take to minimize the risk for themselves
  • contact information for individuals to reach someone at the organization with any further questions

Individuals are also advised to change their passwords, monitor accounts, and store notifications in a safe place.

For Businesses

The guidance reiterates to individuals that they should reach out to the organization using the contact information provided in the notification if they have any questions or concerns. The person at an organization who is designated to be the first contact for affected individuals plays an extremely important role. It is critical that they are capable of speaking to all the details of the breach, along with what the organization has done and will be doing in response (both operationally and technically). 

See the complete guidance here. 

Access more information about PIPEDA's breach reporting requirements here.

Businesses of all sizes are being targeted by cyber criminals and the consequences can be devastating. Cyber Liability Insurance has developed to help businesses reduce the impact, respond and recover in the aftermath of a data breach. Visit capricmw.ca/cyber to get a quote.

Recent Blog Posts

Business Insurance / Property Management, Residential Building, Strata Corporation
Best Practices for Managing Your Strata's Increasing Insurance Deductibles

In response to the increasing costs and frequency of water damage claims, insurers of strata…

Oct 30th, 2019 | By: Danielle Russell
Employee Benefits / Human Resources, employee benefits, group benefits, recruitment
Video: Attracting and Retaining Top Talent

CapriCMW Benefits Advisor, Chantell Arsenault, outlines three ways businesses can attracted and…

Oct 25th, 2019 | By: CapriCMW
Employee Benefits / group benefits, pharmacare, medicare
Modernizing Medicare in Canada

Over the years, provinces have been continuing to download costs of prescription drug expenses onto…

Oct 15th, 2019 | By: Steve Hesketh
photo-10.jpg

Confidence and Freedom

At CapriCMW, we provide personalized insurance and custom risk solutions to give you the confidence and freedom to focus on what matters to you. Talk to an Advisor or get a quote today.

Get a Quote    Or call 1-800-670-1877

Can’t find what you are looking for? Ask us!