Canadian Security Magazine

Companies must notify people affected by privacy breaches: watchdog

By The Canadian Press   

News Data Security breach

OTTAWA — A federal watchdog says companies that lose personal customer data should be required to directly notify affected people about the lapse and detail the steps taken to reduce the harm.

The Trudeau government plans to introduce breach-notification regulations in coming months to improve transparency and help consumers.

Legislation passed last year laid the groundwork for mandatory reporting of private-sector breaches that pose a “real risk of significant harm” to individuals.

The government recently asked the public and interested parties for comment on shaping the regulations.

The federal privacy commissioner’s office says companies should have to directly notify those affected by a breach — with limited exceptions — through means such as telephone calls, emails or mailed letters.


It also urges the government to give thought to cases in which affected people live outside Canada.

Print this page


Stories continue below