With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017
Recent Posts
Why The Recent TikTok Privacy Ruling Swaps Privacy for Increased Surveillance 
The Law Bytes Podcast, Episode 245: Kate Robertson on Bill C-2’s Cross-Border Data Sharing Privacy Risks 
The Law Bytes Podcast, Episode 244: Kris Klein on the Long Road to a Right to be Forgotten Under Canadian Privacy Law 
Government Doubles Down in Defending Bill C-2’s Information Demand Powers That Open the Door to Warrantless Access of Personal Information 
The Law Bytes Podcast, Episode 243: What Are Canada’s Digital Policy Plans as Parliament Returns from the Summer Break?
