With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules in effect that require companies to notify affected individuals. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017


