Is Your Business Ready for Breach Record Inspections?

The Office of the Privacy Commissioner will be conducting breach record inspections this summer, targeting five to eight businesses.
Jul 17th, 2019 | By: CapriCMW

The Office of the Privacy Commissioner (OPC) will begin breach report inspections this summer, starting with five to eight businesses. Even if your business is not among those targeted for inspection, it is important to be prepared and maintain records as per requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA).

PIPEDA requires organizations in Canada to “maintain a record of every breach of security safeguards involving personal information under its control” for two years after the discovery of the breach. This requirement applies to any breach, regardless of the size or type of personal information involved, even if it is determined that there is no “real risk of significant harm” (which triggers the obligation to notify the OPC and affected individuals). Under PIPEDA, organizations are required to provide the OPC with breach records if requested. Businesses could face fines of up to $100,000 for non-compliance with PIPEDA.

To be prepared for a breach inspection, keep records of every single incident where a breach of security safeguards either occurred or could have occurred. Records must include:

  • a description of the circumstances of the breach and, if known, the cause;
  • the day on which, or the period during which, the breach occurred or, if neither is known, the approximate period;
  • a description of the personal information that is the subject of the breach to the best of your knowledge;
  • the number of individuals affected by the breach or, if unknown, the approximate number;
  • a description of the steps that the organization has taken to reduce the harm to affected individuals that could result from the breach;
  • a description of the steps that the organization has taken or intends to take to notify affected individuals of the breach;
  • the name and contact information of a person who can answer, on behalf of the organization, the Commissioner’s questions about the breach; and
  • an explanation of your assessment process for determining whether or not a breach resulted in a "real risk of significant harm" to affected individuals and your reasoning for not reporting a breach.

For many organizations, common breaches such as lost or stolen laptops and phones, or emails with sensitive information being sent to the wrong people, tend to go unreported. If you haven't already, establish compliance procedures and an incident response plan for your business, and train your employees to flag breaches and maintain records.

For more information on PIPEDA and resources for compliance, visit the Office of the Privacy Commissioner's official website.

For information on insurance and risk management for your business, please contact a CapriCMW Risk Advisor.
