Are You Ready for Canada’s New Privacy Breach Rules?

Mandatory privacy breach notification, reporting and record-keeping obligations under Canada’s federal data protection law, the Personal Information Protection and Electronic Documents Act (PIPEDA), will come into force on November 1, 2018.

Earlier this year, the Canadian government published new privacy-related obligations under PIPEDA. PIPEDA applies to private-sector organizations and sets the ground rules for how businesses must handle personal information in the course of commercial activity. The new obligations present challenges to organizations, requiring additional rigor in their legal risk management, compliance and incident response planning and preparedness.

Fasken, a Canadian law firm, published guidance with 6 key practical steps that organizations should consider for compliance with these new obligations:

  1. Identify the range of rules that may apply in a privacy breach
  2. Assess breach detection capabilities
  3. Update incident response plan
  4. Implement a breach record-keeping strategy
  5. Review service provider relationships
  6. Understand insurance coverage and requirements

For more information, please see “Practical Guidance for Complying with Canada’s New Privacy Breach Rules” available at: