
Canadian Data Breach Reporting Beginning November 1, 2018


Starting November 1, 2018, Canadian companies will be required to report data breaches to customers, affected third parties and the federal privacy commissioner. The specific regulations of this new data breach reporting law have not yet been finalized but are expected to be released in the coming months.

Draft regulations were released in September 2017. The regulations refer to mandatory data breach reporting as follows:

  • The organization must determine if the breach poses a “real risk of significant harm” to any individual whose information was involved in the breach (“affected individuals”) by conducting a risk assessment. The assessment of risk must consider the sensitivity of the information involved, and the probability that the information will be misused;
  • When the organization considers that a breach is posing a real risk of significant harm, it must notify affected individuals and report to the Privacy Commissioner of Canada (the Commissioner) as soon as feasible;
  • The organization must notify any other organization that may be able to mitigate harm to affected individuals; and
  • The organization must maintain a record of any data breach that the organization becomes aware of and provide it to the Commissioner upon request.

These federal data breach notification obligations will apply to federally-regulated firms including banks, telecom companies and transportation firms, as well as firms located in all provinces except Quebec, Alberta and British Columbia.  These provinces have their own privacy laws. 

Information that must be provided to affected individuals includes:

(a) a description of the circumstances of the breach;

(b) the day on which, or period during which, the breach occurred;

(c) a description of the personal information that is the subject of the breach;

(d) a description of the steps that the organization has taken to reduce the risk of harm to the affected individual resulting from the breach or to mitigate that harm;

(e) a description of the steps that the affected individual could take to reduce the risk of harm resulting from the breach or to mitigate that harm;

(f) a toll-free number or email address that the affected individual can use to obtain further information about the breach; and

(g) information about the organization’s internal complaint process and about the affected individual’s right, under the Act, to file a complaint with the Commissioner.

Where an organization does not comply with these new data breach reporting regulations, courts can impose fines and order the organization to change its practices.

Experts believe that organizations are not doing what they should to protect the data they are entrusted with. This, they conclude, is why data breaches are on the rise. They also note that even when a data breach does not appear to have caused any harm, cyber criminals will often perform “test attacks” before taking things a step further. They may also stay dormant on a network after a breach until a later time, or use a breach as a distraction while they carry on with other, more harmful activities.

These regulations are intended to better protect Canadians’ personal information and to minimize harm to those affected by a data breach, by encouraging and enforcing better data security practices.  Individuals affected by a breach can immediately act to protect themselves. 

BSC Solutions Group provides cyber security solutions for organizations, to minimize the threat of data loss or breach.  Contact us today to learn more.   

May 01, 2018 4:29:09 PM

admin
