Canadian Data Breach Reporting Now in Effect


As of today, Nov. 1st, new Data Breach Reporting obligations take effect, requiring Canadian organizations to report certain breaches of security safeguards to the Canadian Privacy Commissioner’s Office and to notify anyone affected.

“The number and frequency of significant data breaches over the past few years have proven there’s a clear need for mandatory reporting,” says Commissioner Daniel Therrien. “Mandatory breach reporting and notification will create an incentive for organizations to take security more seriously and bring enhanced transparency and accountability to how organizations manage personal information.”

Under the new Personal Information Protection and Electronic Documents Act (PIPEDA), organizations must:

  • Report to the Privacy Commissioner’s office any breach of security safeguards where it creates a “real risk of significant harm”;
  • Notify individuals affected by a breach of security safeguards where there is a real risk of significant harm;
  • Keep records of all breaches of security safeguards that affect the personal information under their control; and
  • Keep those records for a minimum of two years.

Security Safeguards

A breach of security safeguards is defined as “the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards …, or from a failure to establish those safeguards.”

The new data breach reporting regulations state that the nature and level of security safeguards in place should be relative to the sensitivity, amount, distribution, format and storage method of the information.

Methods of protection should include physical measures (e.g. locks, alarm/access control system), organizational measures (e.g. policies & procedures limiting access to personal information), and technological measures (e.g. use of passwords and encryption).

Real Risk of Significant Harm

Significant harm in this context is defined as “bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property.” Other factors to be considered are the sensitivity of the personal information involved and the likelihood that the information has been, is being or will be misused.

More details on these new data breach reporting regulations can be found here.

If you have concerns about the adequacy of IT security safeguards in your organization, let us perform an IT Security Assessment.  We will identify any areas of concern and recommend how to better protect your own, your customers’ and your employees’ confidential data. 

November 01, 2018 12:51:12 PM

Bill Boisvenue
