On November 1, 2018, new provisions in the Personal Information Protection and Electronic Documents Act (PIPEDA) related to breach of security safeguards came into force, along with breach of security safeguards regulations.
A privacy breach is the loss of, unauthorized access to, or disclosure of, personal information. Breaches can happen when personal information is stolen, lost or mistakenly shared.
Businesses subject to PIPEDA have certain obligations following a breach. These may include reporting to the Office of the Privacy Commissioner of Canada, notifying affected individuals and keeping certain records of privacy breaches.
To be compliant, it’s critical that organizations understand just what the requirements are and when the record-keeping, reporting and notification obligations are triggered, and that they implement policies and procedures aligned with the law.
Most data breaches, whether accidental or malevolent, are in fact caused by an organization’s own employees. Implementing a plan to avoid and handle data breaches by its own employees is an important aspect of an organization’s data breach risk mitigation plan generally, and the Digital Privacy Act’s new data breach response requirements mean more employee breaches are likely.
PIPEDA Explained Legislated Privacy Standards for Every Business Online Course Series
This 3-part PIPEDA series is available as part of the ILScorp General CE Subscription.
PIPEDA PART 1
Lesson A: Understanding Privacy Laws
Introduction, Definitions and General Requirements
Lesson B: The Principles Begin with Accountability
The 10 Principles of the Privacy Code
Principle 1 – Accountability
Lesson C: Identifying Purposes and Consent
Principle 2 – Identifying Purposes
Principle 3 – Consent
PIPEDA PART 2
Lesson A: Principles 4, 5 and 6
Principle 4 – Limiting Collection
Principle 5 – Limiting Use, Disclosure and Retention
Principle 6 – Accuracy
Lesson B: Principles 7, 8, 9 and 10
Principle 7 – Safeguards and Reporting Requirements
Principle 8 – Openness
Principle 9 – Individual Access
Principle 10 – Challenging Compliance
PIPEDA PART 3
Lesson A: The Privacy Commissioner and Complaints
Lesson B: Applications and Audits