With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.
Archive for October 4th, 2017
Recent Posts
The Law Bytes Podcast, Episode 231: Sara Bannerman on How Canadian Political Parties Maximize Voter Data Collection and Minimize Privacy Safeguards 
The Law Bytes Podcast, Episode 230: Aengus Bridgman on the 2025 Federal Election, Social Media Platforms, and Misinformation 
The Law Bytes Podcast, Episode 229: My Digital Access Day Keynote – Assessing the Canadian Digital Policy Record 
Queen’s University Trustees Reject Divestment Efforts Emphasizing the Importance of Institutional Neutrality 
The Law Bytes Podcast, Episode 228: Kumanan Wilson on Why Canadian Health Data Requires Stronger Privacy Protection in the Trump Era
