Canada Moves A Step Closer to Mandatory Data Breach Notification

Canada’s Ministry of Industry has proposed amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) that would require private sector entities to notify the Office of the Privacy Commissioner of breaches of personal data, and to notify affected individuals directly if the breach creates a “real risk of significant harm.” The proposal will now be considered by Parliament. The Privacy Office in the past has opposed mandatory notification, but this time around has said it welcomes the proposal. Chances thus seem fairly good that Canada will join the breach notification club.