Canada's Privacy Commissioner Releases New Guidance on Data Breach Notifications

Organizations hit by a privacy breach (that meets certain conditions) must now notify affected individuals and the Office of the Privacy Commissioner. Recently, the Privacy Commissioner released new guidance targeted at informing individuals on what they should expect and what they should do after receiving a data breach notification, along with an important reminder for businesses.
Nov 7th, 2019 | By: CapriCMW

As we previously covered in our blog post "PIPEDA's Breach Reporting Requirements Come into Effect on November 1, 2018", federal requirements on privacy breach reporting came into effect last year. In accordance with this update to the Personal Information Protection and Electronic Documents Act (PIPEDA), organizations hit by a privacy breach (that meets certain conditions) must now notify affected individuals and the Office of the Privacy Commissioner. Recently, the Privacy Commissioner released new guidance targeted at informing individuals on what they should expect and what they should do after receiving a data breach notification. There is also an important takeaway for businesses regarding how they fulfill their obligations following a breach.

For Individuals

The latest guidance reaffirms what affected individuals should expect from a breach notification by an organization:

  • They must be contacted as soon as feasible, either directly or indirectly (under certain specific circumstances).
  • Indirect notification must be issued through a public announcement that is reasonably likely to reach affected individuals.
  • The information in the notification should be easy to understand.

When read with the wording of PIPEDA itself, the notification should be easy to understand and contain sufficient information to explain the extent, significance and consequences of the breach. 

Additionally, a notification must include:

  • a description of the personal information that was exposed
  • steps taken to minimize the risk of harm
  • steps that affected individuals can take to minimize the risk for themselves
  • contact information for individuals to reach someone at the organization with any further questions

Individuals are also advised to change their passwords, monitor accounts, and store notifications in a safe place.

For Businesses

The guidance reiterates to individuals that they should reach out to the organization using the contact information provided in the notification if they have any questions or concerns. The person at an organization who is designated to be the first contact for affected individuals plays an extremely important role. It is critical that they are capable of speaking to all the details of the breach, along with what the organization has done and will be doing in response (both operationally and technically). 

See the complete guidance here. 

Access more information about PIPEDA's breach reporting requirements here.

Businesses of all sizes are being targeted by cyber criminals, and the consequences can be devastating. Cyber Liability Insurance has developed to help businesses reduce the impact of a data breach, respond to it and recover in its aftermath. Visit capricmw.ca/cyber to get a quote.
