The federal Privacy Office is implementing new regulations under the Personal Information Protection and Electronic Documents Act (PIPEDA). These new notification regulations come into effect on November 1^st, 2018.

Failure to comply with these regulations will result in fines, while not as drastic as the European counterpart Greater Data Protection Regulation (GDPR) (which can fine companies 4% of revenue), the Canadian fines have the potential to be substantial. Also of note, if there are multiple instances of a given infraction, the fines are multiplied by the number of individual instances.

In the event of any security breach involving personal information that creates a ‘real risk of significant harm’ you should follow your Cyber Incident plan (if it exists) and must:

1. Report to the Privacy Commissioner and
2. Notify your customers

Should your organization be confronted by this threat, Cyber724 will assist you with remediating the issue which caused the breach, and work with you on your notification actions. Further, Cyber724 will provide you with a cyber incident response plan if you did already have one.

 

Thank you,

Cyber724 SOC