With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017
Recent Posts
Reversing the Reversal?: Government Puts Privacy Invasive Lawful Access Back on the Agenda 
Canadian Government Introduces New Stablecoin Act as Part of Budget Implementation Legislation 
The Law Bytes Podcast, Episode 250: Wikimedia’s Jan Gerlach on the Risks and Challenges with Digital Policy Reform 
The Law Bytes Podcast, Episode 249: The Debate Over Canada’s AI Strategy – My Consultation Submission and Appearance at the Canadian Heritage Committee 
How the Liberal and Conservative Parties Have Quietly Colluded to Undermine the Privacy Rights of Canadians
