With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017
Recent Posts
CRTC Ruling Signals How Bill C-11 Could Be Used To Regulate Internet Content 
The Missing Bill C-18 Charter Statement: Why Did the Justice Department Remove the Document Confirming the Online News Act Includes Payments for Internet Linking? 
The Law Bytes Podcast, Episode 132: Ryan Black on the Government’s Latest Attempt at Privacy Law Reform 
CRTC Chair Ian Scott Confirms Bill C-11 Can Be Used To Pressure Internet Platforms to Manipulate Algorithms 
My Appearance Before the Senate Transport and Communications Committee on Bill C-11: The Senate Starts Review As Bill Receives House Approval
