With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017
Recent Posts
Scoping User Content Out of Bill C-11: Senate Committee Makes Much-Needed Change, But Will the Government Accept It? 
From Bad to Worse: Senate Committee Adds Age Verification Requirement for Online Undertakings to Bill C-11 
How the Government Is Using Bill C-18 to Pick Media Winners and Losers 
The Law Bytes Podcast, Episode 149: Ryan Clements on the FTX Collapse and Canada’s Approach to Crypto Regulation 
Money for Nothing: Government Quietly Expands Bill C-18 Eligibility to Broadcasters That May Not Even Produce News Content
