With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017
Recent Posts
The Law Bytes Podcast, Episode 101: OpenMedia’s Laura Tribe on Digital Policy and the 2021 Canadian Election 
The Law Bytes Podcast, Episode 100: David Vaver With a Masterclass on Copyright and User Rights 
The Liberal Election Platform: Government Picks Internet Regulation Over Internet Affordability 
The Law Bytes Podcast, Episode 99: “They Just Seemed Not to Listen to Any of Us” – Cynthia Khoo on the Canadian Government’s Online Harms Consultation 
The Conservative Election Platform: Freedom of Expression Commitment Tainted By Support for Payments for Links, Restrictions on Fair Dealing
