On November 1, a new Canadian law went into effect requiring businesses to record all breaches and notify Canada’s Office of the Privacy Commissioner and those affected of breaches that “pose a real risk of significant harm to individuals.”

The data breach notification requirement follows similar laws enacted in Canadian provinces, lawyers said. David Elder, a Stikeman Elliot counsel and chair of its privacy and data protection group, said the legislation also echoes European laws where organizations are responsible for the data they send to be processed by outside vendors. The Canadian law, Elder said, doesn’t shift data breach notification responsibility to outside vendors if a breach occurs.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]