Canada's Privacy Commissioner Releases New Guidance on Data Breach Notifications

Organizations hit by a privacy breach (that meets certain conditions) must now notify affected individuals and the Office of the Privacy Commissioner. Recently, the Privacy Commissioner released new guidance targeted at informing individuals on what they should expect and what they should do after receiving a data breach notification, along with an important reminder for businesses.
Categories: Business Insights
Nov 7th, 2019 | By: CapriCMW

As we previously covered in our blog post PIPEDA's Breach Reporting Requirements Come into Effect on November 1, 2018, federal requirements on privacy breach reporting came into effect last year. In accordance with this update to the Personal Information Protection and Electronic Documents Act (PIPEDA), organizations hit by a privacy breach (that meets certain conditions) must now notify affected individuals and the Office of the Privacy Commissioner. Recently, the Privacy Commissioner released new guidance targeted at informing individuals on what they should expect and what they should do after receiving a data breach notification. There is also an important takeaway for businesses regarding how they fulfill their obligations following a breach.

For Individuals

The latest guidance reaffirms what affected individuals should expect from a breach notification by an organization:

  • They must be contacted as soon as feasible, either directly or indirectly (under certain specific circumstances).
  • Indirect notification must be issued through a public announcement that is reasonably likely to reach affected individuals.
  • The information in the notification should be easy to understand.

When read with the wording of PIPEDA itself, the notification should be easy to understand and contain sufficient information to explain the extent, significance and consequences of the breach. 

Additionally, a notification must include:

  • a description of the personal information that was exposed
  • steps taken to minimize the risk of harm
  • steps that affected individuals can take to minimize the risk for themselves
  • contact information for individuals to reach someone at the organization with any further questions

Individuals are also advised to change their passwords, monitor accounts, and store notifications in a safe place.

For Businesses

The guidance reiterates to individuals that they should reach out to the organization using the contact information provided in the notification if they have any questions or concerns. The person at an organization who is designated to be the first contact for affected individuals plays an extremely important role. It is critical that they are capable of speaking to all the details of the breach, along with what the organization has done and will be doing in response (both operationally and technically). 

See the complete guidance here. 

Access more information about PIPEDA's breach reporting requirements here.

Businesses of all sizes are being targeted by cyber criminals and the consequences can be devastating. Cyber Liability Insurance has developed to help businesses reduce the impact, respond and recover in the aftermath of a data breach. Visit capricmw.ca/cyber to get a quote.

Recent Blog Posts

Business Insurance / hospitality, COVID-19
BC Introduces a $50 Million Relief Grant for Restaurants and Businesses Affected by Recent COVID-19 Restrictions

Restaurants and other affected businesses can apply to access up to $10,000 in a one-time grant to…

Apr 13th, 2021 | By: CapriCMW
Personal Insurance / auto insurance
Who is at fault for a collision in a parking lot?

Even though the basic rules of the road still apply when you’re driving in a parking lot, it may be…

Apr 8th, 2021 | By: CapriCMW
Personal Insurance / auto insurance
Can I let someone else drive my car?

It's not uncommon to want to lend your vehicle to another driver from time to time. But what happens…

Apr 8th, 2021 | By: CapriCMW
Search the Blog
photo-10.jpg

Confidence and Freedom

At CapriCMW, we provide personalized insurance and custom risk solutions to give you the confidence and freedom to focus on what matters to you. Talk to an Advisor or get a quote today.

Get a Quote    Or call 1-800-670-1877

Can’t find what you are looking for? Ask us!