Canada's Privacy Commissioner Releases New Guidance on Data Breach Notifications

Organizations hit by a privacy breach (that meets certain conditions) must now notify affected individuals and the Office of the Privacy Commissioner. Recently, the Privacy Commissioner released new guidance targeted at informing individuals on what they should expect and what they should do after receiving a data breach notification, along with an important reminder for businesses.
Categories: Business Insights
Nov 7th, 2019 | By: CapriCMW

As we previously covered in our blog post PIPEDA's Breach Reporting Requirements Come into Effect on November 1, 2018, federal requirements on privacy breach reporting came into effect last year. In accordance with this update to the Personal Information Protection and Electronic Documents Act (PIPEDA), organizations hit by a privacy breach (that meets certain conditions) must now notify affected individuals and the Office of the Privacy Commissioner. Recently, the Privacy Commissioner released new guidance targeted at informing individuals on what they should expect and what they should do after receiving a data breach notification. There is also an important takeaway for businesses regarding how they fulfill their obligations following a breach.

For Individuals

The latest guidance reaffirms what affected individuals should expect from a breach notification by an organization:

  • They must be contacted as soon as feasible, either directly or indirectly (under certain specific circumstances).
  • Indirect notification must be issued through a public announcement that is reasonably likely to reach affected individuals.
  • The information in the notification should be easy to understand.

When read with the wording of PIPEDA itself, the notification should be easy to understand and contain sufficient information to explain the extent, significance and consequences of the breach. 

Additionally, a notification must include:

  • a description of the personal information that was exposed
  • steps taken to minimize the risk of harm
  • steps that affected individuals can take to minimize the risk for themselves
  • contact information for individuals to reach someone at the organization with any further questions

Individuals are also advised to change their passwords, monitor accounts, and store notifications in a safe place.

For Businesses

The guidance reiterates to individuals that they should reach out to the organization using the contact information provided in the notification if they have any questions or concerns. The person at an organization who is designated to be the first contact for affected individuals plays an extremely important role. It is critical that they are capable of speaking to all the details of the breach, along with what the organization has done and will be doing in response (both operationally and technically). 

See the complete guidance here. 

Access more information about PIPEDA's breach reporting requirements here.

Businesses of all sizes are being targeted by cyber criminals and the consequences can be devastating. Cyber Liability Insurance has developed to help businesses reduce the impact, respond and recover in the aftermath of a data breach. Visit capricmw.ca/cyber to get a quote.

Recent Blog Posts

Business Insurance / Construction, Real Estate, mass timber, sustainable housing
BC Proposes Building Code Changes to Allow 18-Storey Mass Timber Buildings

The provincial government has proposed changes to the British Columbia Building and Fire Codes (BC…

Dec 27th, 2023 | By: CapriCMW
Business Insurance / Small Business, SME, commercial property
Applications Open for BC's Securing Small Business Rebate Program

As of November 22, 2023, small businesses in BC can apply for a new provincial rebate to help them…

Dec 12th, 2023 | By: CapriCMW
Employee Benefits / employment law, employee benefts, pay transparency, pay equity
New Pay Disclosure Requirements Now in Effect for BC Employers

As of November 1, 2023, employers are required to include wage or salary ranges in job postings open…

Nov 16th, 2023 | By: CapriCMW
Search the Blog
photo-10.jpg

Confidence and Freedom

At CapriCMW, we provide personalized insurance and custom risk solutions to give you the confidence and freedom to focus on what matters to you. Talk to an Advisor or get a quote today.

Get a Quote    Or call 1-800-670-1877

Can’t find what you are looking for? Ask us!