By Order in Council 2018-0369 on March 26, 2018, mandatory breach notification under the federal Personal Information Protection and Electronic Documents Act (PIPEDA), comes in force November 1, 2018 for to all entities subject to its jurisdiction.
The PIPEDA rules follow Alberta’s leadership, which has had mandatory breach notification for 8 years. In Canada, provincial health privacy laws in Ontario, New Brunswick and Newfoundland and Labrador also contain reporting requirements. Most US states have mandatory breach notification requirements. It is recognized that notification of the affected individuals is a key factor in mitigation of risk in instances of cyber . . . [more]