On June 18, 2015, Bill S-4 (the Digital Privacy Act) came into force in Canada and finally introduced mandatory data breach reporting and notification requirements by amending Personal Information Protection and Electronic Documents Act known as “PIPEDA”.
The glaring deficiency in PIPEDA is that there was no effective date set for these new data breach provisions. That changed on March 26, 2018 in the wake of the widely reported Equifax Data Breach, when the Federal government passed Order in Council (2018-0369) stating that data breach provisions will come into force on November 1, 2018. These new federal regulations will impose fines up to $100,000 on Canadian companies that fail to properly notify consumers and the Privacy Commissioner of data breaches. Therefore, Canadian companies that store, process, control or manage personal information are responsible for notifying the affected individuals. We are advising our clients and others that we encounter to prepare for the new regulations by investing in tools and technologies to monitor security and detect breaches, train staff and determine whether the breach will place victims at serious risk of significant harm.
In many countries, notably the USA, this type of legislation is old news. The first such US law–California’s SB1386–became operative July 1, 2003 and has since helped hundreds of millions of people maintain some control over their compromised identities and lost data.
Although the fines mentioned above are very significant, security of personal information is not really about the fines. It’s more about safeguarding reputations, brand damage and avoiding public embarrassment. You have an opportunity to improve the trust that customers and clients have in your organizations and strengthen your market position by taking a pro-active approach to data security.
The Infologix division of Sloan Group would be pleased to assist with any questions regarding these issues that you may have about your organization.
Please contact Jerry Paskowitz, CPA, CA, CMC to review your concerns.