With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017
Episode 65: My Ian Kerr Memorial Lecture – Privacy and Zambonis in the Age of COVID-19
by Michael Geist
August 24, 2020
August 17, 2020
August 10, 2020
Episode 62: Colin Bennett on What the Schrems II Decision Means for Global Data Transfers and Canadian Privacy Law
August 3, 2020
Episode 61: Senator James Cowan on the Extraordinary Battle for a Genetic Anti-Discrimination Law in Canada
July 27, 2020
- “Get Money From Web Giants”: Why Canadian Heritage Minister Steven Guilbeault’s Top Legislative Priority is Risky Business
- Why It’s Time to Reboot Canada’s Failed Digital Agenda
- Weakening Net Neutrality: How the Government’s Internet Regulation Plan Abandons the Principle of Equal Treatment of Content Online
- No Policies on Real Issues and Harmful Policies on Non-Issues: How the Government Bungled the Internet Regulation File
- As Heritage Minister Steven Guilbeault Plans Link Taxes and Internet Content Regulation, Where Is Navdeep Bains?