With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017
Recent Posts
Improv Policy: The Government Doesn’t Know What To Do About Its Online Streaming Act Mess 
Soft Ban or Hard Verification Requirement?: Why Bill C-34’s Social Media Ban Exemption Gets the Incentives Wrong and Comes Too Late to Matter 
New Rights, New Powers, Long Delays: Bill C-36’s Seven-Step Process for Privacy Reform to Take Effect 
The Law Bytes Podcast, Episode 273: Rebroadcast of the Globe and Mail’s The Decibel on Canada’s First Steps Towards a Social Media Ban 
Midnight Madness: The Government Rushes Lawful Access Bill Through the House Without Debate or a Recorded Vote
