New Law Requires Canadian Companies to Disclose More Information about Data Breaches

Regulations are finally going into effect to protect Canadian consumers from the threats of data breaches.

Under the Digital Privacy Act which became law in 2015, Canadian companies are required to tell consumers when personal information is at risk due to a data breach. The law will go into effect on November 1, 2018.

Organizations will be required to provide:

• A description of the breach, including the date and type of information at risk

• The steps taken by the organization to reduce risk and harm

• How the affected individuals can reduce their risk after the breach

• Contact information to obtain more information and information about the organization’s internal complaint process and the affected individual’s right to file a complaint

Any organizations that fail to report breaches or take the proper steps could face fines up to $100,000. Learn more about the Digital Privacy Act at the Office of the Privacy Commissioner of Canada.

If you’re interested in learning more about the latest cybersecurity threats to Canadian businesses, check out our State of the Channel Ransomware Report - Canada. We surveyed over 200 MSPs in Canada about ransomware and cybersecurity and its impact on businesses. Check it out today!