With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017
Recent Posts
The Law Bytes Podcast, Episode 266: Justin Safayeni on the Ontario Government’s Overnight Evisceration of Access to Information 
AI Without Canada: Why the Heritage Committee’s AI Report Could Lead to Less Canadian Content in the Training Data 
Addressing the AI Policy Challenge: My Appearance before the Standing Senate Committee on Transport and Communications 
Lawful Access Heads to Committee: The Opposition Found Its Voice, the Government Never Found Its Defence 
Is Data De-Identification Dead?: Why the AI Privacy Risk Isn’t What It Learns, But What It Figures Out
