With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017
Recent Posts
The Sound of Silence: On Being Jewish in Canada in 2025 
The Law Bytes Podcast, Episode 241: Scott Benzie on How Government Policy Has Eroded Big Tech Support for Canadian Culture 
What Is the Canadian Government Doing With Its Incoherent Approach to TikTok? 
The Law Bytes Podcast, Episode 240: Dean Beeby on Why Canada’s Language Laws May Stop Government From Posting Access to Information Records Online 
Risky Business: The Legal and Privacy Concerns of Mandatory Age Verification Technologies
