With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules in effect that require companies to notify affected individuals. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017

by Michael Geist


