With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017

Law Bytes
Episode 247: My Senate Appearance on the Bill That Could Lead to Canada-Wide Blocking of X, Reddit and ChatGPT
byMichael Geist

October 27, 2025
Michael Geist
October 20, 2025
Michael Geist
October 6, 2025
Michael Geist
September 22, 2025
Michael Geist
September 15, 2025
Michael Geist
Search Results placeholder
Recent Posts
The Law Bytes Podcast, Episode 247: My Senate Appearance on the Bill That Could Lead to Canada-Wide Blocking of X, Reddit and ChatGPT
The Law Bytes Podcast, Episode 246: Mohamed Zohiri on the Rise and Emerging Regulation of Stablecoins
Senate Bill Would Grant Government Regulatory Power to Mandate Age Verification For Search, Social Media and AI Services Accompanied By Threat of Court Ordered Blocking of Lawful Content
Government Reverses on Bill C-2: Removes Lawful Access Warrantless Demand Powers in New Border Bill
Why The Recent TikTok Privacy Ruling Swaps Privacy for Increased Surveillance

