Canada’s privacy office has released final guidance on the country’s mandatory data breach notification rules that take effect Nov. 1.
Canadian businesses and multinational companies will have to meet the updated rules under the Personal Information Protection and Electronic Documents Act (PIPEDA). Until now, Canadian companies only followed provincial laws or voluntary standards for breach notifications.
“Companies outside of Canada with a Canadian nexus in addition to Canadian companies will need to address the mandatory breach reporting obligations,” Melissa Krasnow, privacy and data security partner at VLP Law Group LLP in Minneapolis, Minn., told Bloomberg Law.
Under the guidance released ...