With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017
Recent Posts
Canada’s Digital Super-Regulator: Bill C-36 Pushes Out the Privacy Commissioner and Hands Private Sector Privacy to an Overloaded Commission 
The Commission: How Bill C-34 Creates an Internet Super-Regulator That Will Touch the Lives of Millions of Canadians 
The Law Bytes Podcast, Episode 272: Build Canada’s Lucy Hargreaves on Canada’s AI Strategy and the Need to Shift From Being Users to Builders 
Privacy as a Fundamental Right? The Government’s Terrible Privacy Track Record Suggests Virtue Signalling Over a Genuine Commitment 
Taking Stock of Bill C-34: Five Things to Know About the Government’s Plan for a Kids’ Social Media Ban, Mandated Age Verification, and AI Chatbot Rules
