Private sector organizations following federal privacy law will have to provide breach notifications to customers and the privacy commissioner where it is reasonable to believe that the breach creates a “real risk of significant harm,” under long-awaited proposed regulations to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
The draft regulations, if and when they come into force, are expected to provide Canadians with better protection while giving organizations yet another compelling incentive to adopt better security practices to thwart a phenomenon that is occurring with alarming frequency, according to privacy experts.
A security breach early this month at credit-monitoring company Equifax Inc., one of three major credit bureaus in the United States, could affect up to 143 million Americans and an undisclosed number of Canadians. More recently still, the personal information of some one million users of the news and entertainment website Canoe.ca was exposed after some of its databases were hacked.