With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017
Recent Posts
You Can’t Put the Toothpaste Back in the Tube: Why the Government’s Reported “Temporary” Plan for a Kids’ Social Media and AI Chatbot Ban Would Mean Mandated ID for Everyone 
The Law Bytes Podcast, Episode 271: Taking Stock of a Wild Week in Canadian Digital Policy With the Online Streaming Reversal, AI Strategy Release, and Lawful Access Review 
Canadian American Business Council on Bill C-22: It “Threatens Our Bilateral Partnership on Data Security” 
AI for All, Details to Follow: Government Releases a Big-Spending AI Strategy That Is Still Short on the Specifics That Matter 
New Privacy Rights in the Morning, Mandatory Metadata Retention in the Afternoon: How Bill C-22 Undercuts the AI Strategy Before It Launches
