Breach Notification , Incident & Breach Response , Managed Detection & Response (MDR)

Canada's Tough New Breach Reporting Regulations

Attorney Imran Ahmad Discusses Potential Impact
Imran Ahmad, business law partner, Miller Thomson LLP

Canada had been lagging behind the U.S. and some other nations in terms of breach notification regulations, but now it's catching up, says attorney Imran Ahmad, who explains new requirements that are coming into effect.

See Also: Live Webinar | Cyber Resilience: Recovering from a Ransomware Attack

Previously in Canada, entities experiencing a breach were required to identify what kind of breach occurred and to notify regulators. "Contacting affected individuals [about the breach] would be something you would delegate to the regulators to get advice and guidance on," he says.

But that all changes under the Digital Privacy Act of 2015, which amended certain Canadian privacy regulations in three key ways and will likely go into effect by the end of 2017, Ahmad says.

Those changes include mandatory breach notification to affected individuals; keeping a record log for two years of any types of data breaches that occur; and imposing sanctions of up to $100,000 for each violation of the new law, he says.

Those amendments provide "a bit more teeth" to Canadian data breach legal requirements, he notes.

In the interview conducted at Information Security Media Group's recent Fraud and Breach Summit in Toronto Ahmad, who was a panelist, also discusses:

  • The potential impact of Canada's new breach notification regulations on U.S.-based companies;
  • The impact on the security action plans of Canadian companies;
  • Cyber insurance considerations related to Canada's new breach notification law.

Ahmad is a business law partner in the Toronto office of Miller Thomson who specializes in the areas of cybersecurity, technology and privacy law.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.