Following the passage of Bill S-4, which amended PIPEDA, government regulators were tasked with creating regulations for Canada’s first-ever data breach notification scheme. They are currently being developed by the Department of Innovation, Science and Economic Development. The Chronicle Herald reports that Commissioner Daniel Therrien has now weighed in with his office’s opinion, which asks for direct notification of affected parties, with information about the circumstances surrounding the breach, including date, type of information lost, steps taken to mitigate harm, and measures consumers can take. For its part, the Canadian Bar Association weighed in as well, saying the regulations should not be “overly prescriptive” regarding the manner of notification.
If you want to comment on this post, you need to login.