With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017

Law Bytes
Episode 235: Teresa Scassa on the Alberta Clearview AI Ruling That Could Have a Big Impact on Privacy and Generative AI
byMichael Geist

May 5, 2025
Michael Geist
Search Results placeholder
Recent Posts
The Law Bytes Podcast, Episode 235: Teresa Scassa on the Alberta Clearview AI Ruling That Could Have a Big Impact on Privacy and Generative AI
What Is With This Government and Privacy?: Political Party Privacy Safeguards Removed in “Affordability Measures” Bill
More Than Just Phone Book Data: Why the Government is Dangerously Misleading on its Warrantless Demands for Internet Subscriber Information
Privacy At Risk: Government Buries Lawful Access Provisions in New Border Bill
The Law Bytes Podcast, Episode 234: “Solutions Aren’t Going to be Found Through Nostalgia”: Mark Musselman on the CRTC Hearings on Canadian Content Rules