From: The National Law Review
In a recent post, we discussed the Canadian Cabinet’s announcement that Canada’s new data breach regulations go into effect on November 1, 2018. Despite announcing the effective date, Canada had not yet finalized these regulations. However, on April 18, 2018, Canada unveiled the Breach of Security Safeguard Regulations: SOR/2018-64 (“Regulations”).
To highlight some of the finer points, in order to trigger notification requirements, the Regulations require organizations to determine if a data breach poses a “real risk of significant harm” to any individual had their information accessed in the breach. If an organization meets this harm threshold, then the affected organization must notify the Privacy Commissioner of Canada, as well as the affected individuals.