Respond to a privacy breach at your business
On June 18, 2015, the Digital Privacy Act received Royal Assent. The Act introduced a number of amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA). Among the amendments were new provisions related to breach reporting, which will come into force on November 1st, 2018. The new Breach of Security Safeguards Regulations published in the Canada Gazette on April 18, 2018 will also come into force on November 1st, along with the related statutory requirements.
A privacy breach is the loss of, unauthorized access to, or disclosure of, personal information. Breaches can happen when personal information is stolen, lost or mistakenly shared.
For businesses operating in Canada, such activity is “unauthorized” if it occurs in contravention of applicable privacy legislation, such as the Personal Information Protection and Electronic Documents Act (PIPEDA), or similar provincial privacy legislation.
The Office of the Privacy Commissioner of Canada (OPC) has developed resources to help businesses to take appropriate steps when a breach happens.
Read guidance that businesses can use to respond appropriately when a privacy breach occurs.
Forms and information for businesses subject to PIPEDA wanting to report a breach to the OPC.
Report a problem or mistake on this page
- Date modified: