Announcement

October 31, 2019

Privacy Commissioner shares lessons learned after one year of mandatory breach reporting

The Office of the Privacy Commissioner of Canada (OPC) has published a blog post to mark the one-year anniversary of mandatory breach reporting under the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s federal private sector privacy law.

The blog post provides some observations and statistics on the breach reports received by the OPC, as well as some early trends. It also contains helpful compliance tips.

Organizations subject to PIPEDA are required to report to the OPC any breaches of security safeguards involving personal information that pose a real risk of significant harm to individuals. They also need to notify affected individuals about those breaches, and keep records of all data breaches within the organization.