Canada's Privacy Breach Notification Requirements Coming into Force
Canada’s Privacy Breach Notification Requirements Coming into Force
The provisions of Canada’s Digital Privacy Act dealing with privacy breach notification and breach record keeping (the “Provisions”) will come into force on November 1, 2018. Once in force, these Provisions will constitute a major change to Canada’s privacy law. For unknown reasons, the federal government made this announcement without fanfare or even a government press release.
The Digital Privacy Act was enacted in 2015, but the Provisions remained in limbo, not having been brought into force with the balance of the statute.
Summary of Provisions
In summary, the Provisions address several subjects:
Breach Notification
- Each organization will be required to report to the Privacy Commissioner of Canada any breach of security safeguards involving personal information under its control, if it is reasonable in the circumstances to believe the breach creates a real risk of significant harm to an individual.
- If this same test is met and unless otherwise prohibited by law, an organization will be required to notify an individual of any breach of security safeguards involving the individual’s personal information under the organization’s control.
- If an individual must be given such notice, the organization will also have to notify any other organization or government of the breach if the notifying organization believes the other organization or government may be able to reduce the risk of harm that could result from the breach or mitigate that harm.
- The form and content of such notices are to be prescribed in future regulations.
- These notifications must be given as soon as feasible after the organization determines the breach has occurred. The Canadian statute does not name a specific timeline, unlike the new European privacy regulation due to come into effect in May 2018.
Breach Record Keeping
- An organization will be required to keep and maintain a record of every breach of security safeguards involving personal information under its control, in accordance with regulations to be released in the future. Importantly, a record of all such breaches of security safeguards involving personal information will have to be made, not only those where there is a real risk of significant harm to an individual.
Whistleblowing
- Enhanced whistleblowing provisions will apply.
Authors
Insights
-
Banking and Financial Services
Practical Law The Journal - Canadian Interest Rate Transition from CDOR to CORRA
The article, “Canadian Interest Rate Transition from CDOR to CORRA” authored by Michael Bertrand, has been republished in Practical Law The Journal, December 2024 Year in Review Issue.The article… -
Financial Services Regulatory
FINTRAC Advisory Concerning Financial Transactions Related to High-Risk Countries Identified by the FATF
On November 18, 2024, the Financial Transactions and Reports Analysis Centre (FINTRAC) issued an updated advisory (the “Advisory”) concerning financial transactions related to countries identified by… -
Acquisition Finance
In-Depth: Acquisition and Leveraged Finance - Edition 11 - Canada
David Nadler, David Wiseman, Dan Dedic, Caroline Descours, Cathy Costa-Faria, Chris Baxter and Zhiyao Chen have co-authored the Canada Chapter in Lexology's In-Depth: Acquisition and… -
Banking and Financial Services
Canadian Securities Regulators Publish Temporary Exemptions For Derivatives Data Reporting Requirements
On October 31, 2024, the Canadian Securities Administrators (CSA) introduced temporary relief from certain derivative data reporting requirements under the Trade Reporting Rules identified… -
Banking and Financial Services
OSFI Releases Annual Report For Fiscal Year 2023 – 2024
On October 15, 2024, the Office of the Superintendent of Financial Institutions (OSFI) published its annual report for the fiscal year from April 1, 2023 to March 31, 2024 (the “Annual Report”), which… -
Capital Markets
Canadian Securities Administrators Further Extend Compliance Deadline in Interim Approach to Value-Referenced Crypto Assets
On September 26, 2024, the CSA provided a further update for crypto asset trading platforms (CTPs) that are registered, or that have provided a pre-registration undertaking (PRU), on the interim…
Featured Work
-
Mining
Coeur Mining, Inc. to acquire SilverCrest Metals Inc. at an implied equity value of approximately US$1.7 billion
Goodmans LLP acted as Canadian counsel to Coeur Mining, Inc. in connection with entering into a definitive agreement with SilverCrest Metals Inc., whereby pursuant to a plan of arrangement Coeur will… -
Banking and Financial Services
Majority interest in Vault Credit Corporation and Vault Home Credit Corporation sold for $60 Million to HB Leaseco affiliate
Goodmans LLP represented Vault Credit Corporation and Vault Home Credit Corporation in the sale of Chesswood Group Limited's entire interest in Vault to an affiliate of HB Leaseco Holdings Inc., in… -
Restructuring
Contract Pharmaceuticals CCAA proceedings and sale to Aterian Investment Partners
Goodmans LLP acted as counsel to Contract Pharmaceuticals Limited and its affiliates in connection with their CCAA proceedings and other restructuring… -
Technology
Raymond James Ltd. facilitates $17.5 million equity financing for Vecima Networks Inc.
Goodmans LLP acted for Raymond James Ltd. in connection with the $17.5 million equity financing involving a brokered private placement of 833.2 million Subscription Receipts of Vecima Networks Inc… -
Mergers and Acquisitions
Apotex Inc. acquires Searchlight Pharma Inc.
Goodmans LLP advised Apotex Inc. in connection with its acquisition of Searchlight Pharma Inc… -
Mining
Hudbay Minerals completes US$402 million bought deal equity offering
Goodmans LLP advised Hudbay Minerals Inc. in the public offering of its common shares for aggregate gross proceeds of US$402,477,000, including the full exercise of the underwriters’ overallotment…
News & Events
-
Banking and Financial Services
IFLR1000 2024 Recognizes Goodmans Lawyers and Practices
We are proud to announce Goodmans continues to be recognized by IFLR1000 in its annual guide.Recognition in IFLR1000 is based on a combination of in-depth qualitative research and direct client… -
Banking and Financial Services
Goodmans Once Again Receives Top-Tier Recognition from The Legal 500 Canada
We are pleased to announce Goodmans LLP has once again received top-tier recognition from The Legal 500 Canada in their 2025 Guide released today.Recognition from The Legal 500 is based on independent… -
Banking and Financial Services
Goodmans Recognized in the Inaugural Edition of Best Law Firms - Canada 2025
Goodmans is delighted to share we are featured in the inaugural edition of Best Law Firms - Canada 2025, recognizing us as one of the country’s exceptional law firms across 40 industries and practices…