With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017
Law Bytes
Episode 200: Colin Bennett on the EU’s Surprising Adequacy Finding on Canadian Privacy Law
byMichael Geist
April 22, 2024
Michael Geist
April 15, 2024
Michael Geist
April 8, 2024
Michael Geist
March 25, 2024
Michael Geist
March 18, 2024
Michael Geist
Search Results placeholder
Recent Posts
- The Law Bytes Podcast, Episode 200: Colin Bennett on the EU’s Surprising Adequacy Finding on Canadian Privacy Law
- Debating the Online Harms Act: Insights from Two Recent Panels on Bill C-63
- The Law Bytes Podcast, Episode 199: Boris Bytensky on the Criminal Code Reforms in the Online Harms Act
- AI Spending is Not an AI Strategy: Why the Government’s Artificial Intelligence Plan Avoids the Hard Governance Questions
- The Law Bytes Podcast, Episode 198: Richard Moon on the Return of the Section 13 Hate Speech Provision in the Online Harms Act