Information Protection
On Nov. 1, 2018, the new mandatory breach notification
rules under the Personal Information Protection
and Electronic Documents Act (PIPEDA) and the related
Breach of Security Safeguards Regulations came
into force. PIPEDA applies to organizations that: 1) are
federally regulated; 2) move personal information across provincial
or international borders; or 3) are located in provinces that
have not adopted legislation similar to PIPEDA – which, at
present, is every province except Alberta, British Columbia
and Québec. The Alberta legislation contains breach notification
rules – outlined below – whereas the legislation in B.C. and
Québec does not. The Breach Rules will apply to all personal
information that is caught by PIPEDA in B.C. and Québec, but
do not apply to personal information caught only by the B.C.
or Québec privacy legislation.
As of Nov. 1, 2018, organizations subject to PIPEDA are
required to report to the Office of the Privacy Commissioner
of Canada (OPCC), as well as the affected individuals, any
breach of security safeguards involving personal information
under the organization’s control, if it is reasonable in the circumstances
to believe that the breach creates a real risk of
significant harm to the affected individuals.
PIPEDA requires that personal information must be protected
by security safeguards appropriate to the sensitivity
What you need to know about the new Breach Notification Rules under PIPEDA
By Kelsey M. Yakimoski and Paul K. Grower, Fillmore Riley LLP