With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017
Recent Posts
The Lawful Access Two-Headed Surveillance Monster: How Bill C-22 Went Off the Rails 
How Much Further Will Lawful Access Go?: Police Chief Tells Bill C-22 Hearing That Three Years of Metadata Retention Would Be “Ideal” 
Bill C-22’s Groundhog Day: Why the Government’s Dismissal of Signal, Apple and the U.S. Congress Concerns Runs Back the Disastrous Online News Act Playbook 
Slick Videos Won’t Save Lawful Access: Why The Government’s Bill C-22 Defence Avoids the Charter, Privacy and Security Concerns Raised By Critics 
The Law Bytes Podcast, Episode 268: Sara Grimes on the Moral Panic Behind Banning Kids from Social Media and AI Chatbots
