This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice (http://www2.deloitte.com/ca/en/legal/cookies.html) for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

Consultation on Data Breach Regulations under the Personal Information Protection and Electronic Documents Act

  • Canada Image

Mar 04, 2016

On March 4, 2016 the Department of Innovation, Science and Economic Development Canada released a discussion paper on the new data breach regulations being proposed. The Ministry is accepting public submissions until May 31, 2016 on the proposed Data Breach Notification and Reporting Regulations.

On June 18, 2015, the Digital Privacy Act (also known as Bill S-4) received Royal Assent in Canada’s Parliament. The Digital Privacy Act amended Canada’s private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). In general, PIPEDA sets the rules for the collection, use and disclosure of personal information by organizations in the course of commercial activities. It establishes basic legal requirements that private-sector organizations must respect to ensure that Canadians trust that their privacy will be protected when their personal information is in the hands of businesses.

Among other important changes, the Digital Privacy Act amended PIPEDA to require private‑sector organizations to notify Canadians in circumstances where their personal information has been lost or stolen, and they have been put at risk of harm as a result. In addition, organizations are required to report these potentially harmful data breaches to the Privacy Commissioner of Canada.

The new data breach requirements in PIPEDA will come into force once the Government passes regulations, which will provide greater clarity and specificity of the requirements of the Act. The purpose of this discussion paper is to solicit stakeholder input and views on these regulations. Comments received will be taken into consideration in the preparation of the draft regulations.

Review the Discussion Paper on the Web site of the Government.

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.