Hard-hitting amendments to Canada’s PIPEDA now effective

On November 1, rigorous amendments to Canada’s PIPEDA (Personal Information Protection and Electronic Documents Act) took effect. The law, which applies to private-sector organizations operating in Canada or doing business with Canadian customers, now requires mandatory reporting of certain security breaches.

Organizations subject to PIPEDA will be required to:

  • “Report to the Privacy Commissioner of Canada breaches of security safeguards involving personal information that pose a real risk of significant harm to individuals
  • Notify affected individuals about those breaches; and
  • Keep records of all breaches”

By releasing these amendments, Canada joins a host of other countries and all 50 U.S. states in requiring certain notifications (to certain individuals) in the event of a data security event. For example, the EU GDPR stipulates that if a data breach does occur, it must be reported to the relevant supervisory authority within 72 hours. Impacted individuals should also be informed if there is a risk to their rights and freedoms, such as identity theft or personal safety.

“The number and frequency of significant data breaches over the past few years have proven there’s a clear need for mandatory reporting,” said Daniel Therrien of Canada. “Mandatory breach reporting and notification will create an incentive for organizations to take security more seriously and bring enhanced transparency and accountability to how organizations manage personal information.”

Worldwide cybersecurity (Brazil and Israel)

Regardless of a consumer’s physical location, their data privacy rights must be protected.  Recently we’ve witnessed many countries stepping up their protection regimes. Last August, the president of Brazil, Michael Temer signed the General Data Protection Law (LGPD), effective in 2020. In March 2017, the Israeli Knesset passed its cybersecurity law, which became effective, March 2018. Other nations are doing similar work to enhance their cybersecurity law.

Now is the time to learn how your organization can be compliant with the appropriate regulations affecting you.

IT Governance USA offers data protection/GDPR training courses in both online and classroom learning formats: Online courses are offered in East and West Coast time zones, and classroom training courses take place in Boston, NYC, and San Francisco. To browse our Data Protection / EU GDPR training course options click here.

Special Holiday Sale

Take advantage of our special holiday season promotion.  The more you purchase the more you save.  Receive up to $500 off your purchase.  Discounts are automatically applied in your shopping cart, no promo code is required.  This promotion is available on all products and services.  Click here for more info.