With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017
Recent Posts
What the CRTC’s New Registration Requirements Mean for Regulating Everything from Online News Services to Podcast Providers 
The Law Bytes Podcast, Episode 179: Peter Menzies on Why the CRTC Feels Broken Right Now 
The Documents Don’t Lie, Even If It Appears Pablo Rodriguez Does: ATIP Reveals His Office Was Informed Within Minutes of CMAC/Marouf Termination Notice 
The Need for Truthful Accountability: What ATIP Records Tell Us About Pablo Rodriguez and Canadian Heritage Funding an Anti-Semite 
Why Industry Minister Champagne Broke the Bill C-27 Hearings on Privacy and AI Regulation in Only 12 Minutes
