On November 1st, 2018, businesses became subject to new mandatory breach reporting regulations under Canada’s federal private sector privacy law, PIPEDA.

Since 2013, 14 billion data records have been lost or stolen. Only 4 per cent of these breaches were “secure”.

The OPC is revisiting its policy position on transborder data flows under the Personal Information Protection and Electronic Documents Act (PIPEDA). This includes not only cross border data transfers between controllers and processors, but also other cross border disclosures of personal information between organizations.

The Office of the Privacy Commissioner will begin to apply these guidelines on January 1, 2019. The release of these guidelines is part of the Office’s work to improve the current consent model under the Personal Information Protection and Electronic Documents Act (PIPEDA)

"This change has been a long time coming. The House of Commons Standing Committee on Access to Information, Privacy and Ethics recommended that PIPEDA be amended to include a breach notification requirement following a review of the legislation that began in 2006"

Ontario’s former privacy commissioner, Ann Cavoukian, said she was shocked by the initiative and said the ability for a government agency to build a massive database of personal banking information raises serious privacy concerns.

New security breach reporting guidelines are set to come into force on November 1st, 2018, compelling organizations to report any security or data breaches that pose significant harm to affected individuals.

Canada’s privacy watchdog has asked the Federal Court to rule on Mountain View search giant Google’s indexing practices as they pertain to the Personal Information Protection and Electronic Documents Act (PIPEDA).

Collected data increases in sensitivity over time when details are combined and related to generate an accurate and complete picture or profile for individual clients.

The experts I spoke with also saw concepts in the GDPR that were naturally complimentary to PIPEDA. Concepts like “accountability” and “privacy by design” could, and perhaps, should be given prominence in legislative amendments to PIPEDA.