When the Personal Information Protection and Electronic Documents Act (PIPEDA) was amended by the Digital Privacy Act in 2015 to bring the legislation into the digital age, the amendments included a provision that introduced privacy breach reporting and record keeping requirements. The coming into force of these provisions was delayed to permit the development of regulations that would set out the details of organizations’ obligations. In September 2017, draft regulations were published, which set out various requirements such as the form, content, manner and timing of the mandatory breach reporting and record keeping obligations.
Through order in council, the federal government has now fixed the date for the coming into force of the mandatory breach reporting and record keeping provisions as November 1, 2018.
The draft regulations may be implemented at the same time, but allow for a lag period between the publication of the final regulations and their coming into force.
Some western Canadian jurisdictions already have breach notification requirements, including British Columbia, Alberta and Saskatchewan (as of January 1, 2018).
The order in council also fixes the date for the coming into force of enforcement provisions, which permit the Privacy Commissioner of Canada to enter into compliance agreements with organizations.
Organizations impacted by these changes may wish to contact a member of our Privacy and FOI Team for assistance in ensuring they are appropriately prepared for these changes. Among other things, our team members have experience with and can help to ensure that your organization develops and implements appropriate policies and procedures to prepare for these federal breach reporting and record keeping requirements.
Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.