November 1, 2018

PIPEDA Breach Notification & Recording Starts Nov 1 – Are You Ready?

November 1, 2018

As of November 1st 2018, organizations subject to The Personal Information Protection and Electronic Documents Act (PIPEDA) will be required to:

  • report to the Privacy Commissioner of Canada breaches of security safeguards involving personal information that pose a real risk of significant harm to individuals
  • notify affected individuals about those breaches, and
  • keep records of all breaches.

So simply dealing with a potentially harmful privacy breach when and if it happens is not sufficient compliance.The Commissioner can ask to see that breach record at any time. Failure to comply with the recording and notification requirements can result in a penalty of up to $100,000.From a practical perspective, it means that there must be awareness by staff about what a breach of security safeguards is, and who to tell about it. It can’t be based only on complaints.The Privacy Commissioner has published guidance on this. This guidance will provide an overview of what you need to know about these obligations.

What is a breach of security safeguards?

A “breach of security safeguards” is defined in PIPEDA as: the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards that are referred to in clause 4.7 of Schedule 1 of PIPEDA, or from a failure to establish those safeguards.

Does this apply to small businesses?

Yes. Large and small businesses all have to meet PIPEDA requirements to report and notify of breaches of real risk of significant harm, and keep records of all breaches.The chart below is an overview of the process. Be sure to follow the detailed definitions and requirements in PIPEDA.

Are there financial penalties?

Yes. Under PIPEDA it is an offence to knowingly contravene PIPEDA’s breach reporting, notification and record-keeping requirements and doing so could lead to fines.More Resources:We have written on this topic earlier this year Here's the PIPEDA Website for your referenceHere's the PIPEDA Compliance Help WebsiteCredits: Diagram courtesy of Harrison Pensa LLP

Subscribe

Get curated insights from the health benefits space every month.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Other Great Reads

Beneplan's 2023 Annual Report

Apr 19, 2024
Read more...

TELUS Health : Our Employee Assistance Program (EAP)

Apr 2, 2024
Read more...

Cultivating Operational Excellence with Business Intelligence

Jan 5, 2024
Read more...

GreenShield Plan Member ID Cards Going Digital

Nov 28, 2023
Read more...

Who We Are

Resources

What We Do

Join the employee benefits co-operative that refunds unused premiums back to its members

Request A Quote

Contact Us

1-800-387-1670
service@beneplan.ca
Mon – Fri: 9:00 AM – 5:00 PM

Headquarters

150 Ferrand Drive Suite 500
Toronto, Ontario
M3C 3E5 Canada

© All Rights Reserved | Beneplan Inc.