Data Breach reporting and recordkeeping requirements coming to Canada

hand holding a ball with random numbers printed all over it
The Office of the Privacy Commissioner of Canada advises on their web site that with the Digital Privacy Act having received Royal Assent in June, 2015, this means that data breach reporting, notification and recordkeeping requirements will be brought into force once related regulations outlining specific requirements are developed and in place. Once in force, here is what the government web site states regarding the new requirements:
  • Once in force, a major change is a new requirement for organizations to report to our Office and notify affected individuals and relevant third parties (in certain circumstances) about “breaches of security safeguards” that pose a “real risk of significant harm” to affected individuals. “Breach of security safeguards” is defined in PIPEDA and generally includes what is commonly known as a data breach.
  • The concept of “significant harm” includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss and identity theft among others. Factors that organizations will need to consider when assessing the presence of a real risk of significant harm include the sensitivity of the information involved and probability that the information was or will be misused (or any other prescribed factor).
  • Notification to affected individuals and reporting to the OPC will be required as soon as feasible after an organization determines that the breach has occurred. An organization will also be required to notify any other organization or government institution if it believes the other body may be able to reduce the risk of or mitigate the harm. For example, a retailer could notify a credit card issuing bank or law enforcement agency. The consent of individuals would not be required for such disclosures.
  • Organizations will also be required to keep a record of all breaches involving personal information and provide a copy to the OPC upon request. Organizations that knowingly fail to report to the OPC or notify affected individuals of a breach that poses a real risk of significant harm, or knowingly fail to maintain a record of all breaches could face fines of up to $100,000.
  • More specific requirements relating to breaches will be set out in associated regulations to be developed by the federal government.
  • Until the provisions come into force, breach reporting will remain voluntary. We continue to urge organizations to report breaches to our Office by visiting our privacy breaches reporting web page and to notify affected customers where appropriate in accordance with our breach notification guidelines.
Watch for our next blog on “10 tips for Reducing Likelihood of a Data Breach” as advised by the Office of the Privacy Commissioner of Canada, and how BSC Solutions Group can help.

May 17, 2017 10:00:55 AM

Bill Boisvenue

Leave a Reply

Your email address will not be published. Required fields are marked *



Getting your computer network, phones and software applications to work shouldn’t be a monumental project;
yet we constantly hear from frustrated organizations like yours who call us when they’ve finally
had enough of the poor services and excuses from their current IT support firm.

Our offer of a FREE Service ticket is a no-risk way of introducing our services.
Let us diagnose and work on the computer problem of your choice and
find out what over 25 years of service excellence feels like.

Accepting this free offer in no way obligates you to do any further business with us but of course we hope you will!

1. Because our resources are not unlimited, the free service ticket will cover a maximum of 2 hours of remote support for 1 service issue.
2. Since customers who are the best fit for our services have a minimum of 10 computers, this free offer only applies to organizations of this size.
3. This offer applies only to organizations who are not already a customer of BSC Solutions Group.

Please fill out this form and a BSC Solutions Group “IT Guardian Angel”
will contact you within 24 hours.