With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017

Law Bytes
Episode 237: A Conversation with Jason Woywada of BCFIPA on Political Party Privacy and Bill C-4
byMichael Geist

June 23, 2025
Michael Geist
Search Results placeholder
Recent Posts
Ignoring the Warning Signs: Why Did the Canadian Government Dismiss the Trade Risks of a Digital Services Tax?
Why Bill C-2 Faces a Likely Constitutional Challenge By Placing Solicitor-Client Privilege at Risk
The Law Bytes Podcast, Episode 237: A Conversation with Jason Woywada of BCFIPA on Political Party Privacy and Bill C-4
Lawful Access on Steroids: Why Bill C-2’s Big Brother Tactics Combine Expansive Warrantless Disclosure with Unprecedented Secrecy
Government Reverses on Privacy and the Charter: Department of Justice Analysis Concludes Political Party Privacy Bill Raises No Charter of Rights Effects