Canada’s privacy office has released final guidance on the country’s mandatory data breach notification rules that take effect Nov. 1.
Canadian businesses and multinational companies will have to meet the updated rules under the Personal Information Protection and Electronic Documents Act (PIPEDA). Until now, Canadian companies only followed provincial laws or voluntary standards for breach notifications.
“Companies outside of Canada with a Canadian nexus in addition to Canadian companies will need to address the mandatory breach reporting obligations,” Melissa Krasnow, privacy and data security partner at VLP Law Group LLP in Minneapolis, Minn., told Bloomberg Law.
Under the guidance released ...
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.