NAID-Canada Adds Breach Notification to Data Protection Law

April 25, 2018

The initial sentence of the announcement says it all: Her Excellency the Governor General in Council, on the recommendation of the Minister of Industry, pursuant to subsection 26(1) of the Personal Information Protection and Electronic Documents Act, makes the annexed Breach of Security Safeguards Regulations.

What follows, the government lists the specifics of the Canadian national data breach law that comes into effect November 1, 2018. NAID encourages all service providers doing business in Canada to get familiar with the regulation since the law applies to them and also dramatically affects their relationship with customers.

The provinces of British Columbia and Alberta are unaffected by the announcement since their respective Personal Information Protection Acts (PIPA), had already been amended to include data breach notification.

According to NAID-Canada Chair Tino Fluckiger of Shredwise this is an important step for Canada.

“Canadian data protection laws had fallen behind both the U.S. and Europe over the past decade,” says Fluckiger. “The new requirements of upcoming E.U. General Data Protection Regulation (GDPR) demonstrated that we needed to catch up. Data breach notification is a big step in the right direction.”

“In a world where every incident of improper information disposal is a potential data breach notification, and, with the proper approach, these regulations can significantly increase demand for secure destruction,” says NAID CEO Bob Johnson. “The good news is that we’ve been through it before. NAID members in Australia, Europe and now Canada, can learn a great deal from what unfolded over the last decade in America. We’re gearing up for that now.”

For more details on the new requirement are available in the official government release.