On November 1, Canada's Breach of Security Safeguards Regulations went into effect, implementing the Personal Information Protection and Electronic Documents Act, known as "PIPEDA." The regulations provide the requirements for mandatory data breach notification to affected individuals and the Office of the Privacy Commissioner if a breach poses a real risk of significant harm to individuals. Companies also must maintain a record of every security incident for 24 months. Companies are subject to potential penalties of CAD$100,000 for failure to make notifications or maintain records.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.