Several years after passing into law, the Canadian government has finally set an effective date for long-overdue data breach disclosure rules. The requirements were included in the Digital Privacy Act that was passed in 2015, but the accompanying regulations literally took years to finalize. Earlier this year, I argued that the failure to expedite security breach disclosure rules was an embarrassing failure for successive Conservative and Liberal governments, placing the personal information of millions of Canadians at risk and effectively giving a free pass to companies that do not adequately safeguard their customers’ information.
Archive for April 4th, 2018

Law Bytes
Episode 275: David Loukidelis on Why Stripping Privacy Enforcement from Canada’s Privacy Commissioner in Bill C-36 is Unnecessarily Risky Policy
byMichael Geist

June 22, 2026
Michael Geist
Search Results placeholder
Michael Geist on Substack
Recent Posts
Why Being Locked Out of Frontier AI is The Sovereignty Threat Canada Missed
Blocked Twice: How Bill C-34’s Kids’ Social Media Ban Would Compound the Online News Act’s Harm to Young Canadians’ News Access
The Law Bytes Podcast, Episode 275: David Loukidelis on Why Stripping Privacy Enforcement from Canada’s Privacy Commissioner in Bill C-36 is Unnecessarily Risky Policy
The Data on Australia’s Social Media Ban: The Better the Privacy Protection, The Less Effective the Ban
Shaky Ground Gets Shakier: What the U.S. Supreme Court’s Location Data Decision Means for Bill C-22

