New data breach notification standards should be flexible, adaptive, ITAC says

As Innovation Science and Economic Development Canada (ISED) prepares to release a second version of the country’s new data breach notification standards this fall, the Information Technology Association of Canada (ITAC) hopes the latest proposed regulations will take a flexible, outcome-based approach, while also providing a grace period to give businesses time to adjust.

“We want there to be an appropriate balance between the need to protect Canadians by notifying them of data breaches, and the costs and challenges sometimes faced by businesses in in doing so,” ITAC senior director David Messer tells

Since 2015, data breaches have been governed by the Personal Information Protection and Electronic Documents Act (PIPEDA), a law passed in 1998 to regulate how non-government organizations (excluding charities and not-for-profits) were allowed to collect, use, disclose, and dispose of personal data.

Read full ITBusiness Article