Summary of Consultation Responses — Data Breach Notification and Reporting Regulations

Innovation, Science and Economic Development Canada (ISED) has posted a document summarizing comments received during recent consultations on data breach notification and reporting regulations.  ITAC submitted a set of recommendations on behalf of the ICT sector.

Please find the document here:

As you may be aware, in June 2015 the Personal Information Protection and Electronic Documents Act (PIPEDA) was amended to require organizations to report serious data breaches.  These requirements are not yet in force, as they require regulations providing further specifics on the statutory provisions.

Earlier this year, ITAC was invited to participate in a consultation regarding the design of these regulations. The document which has been posted provides an overview of written responses to the ISED discussion paper on the development of data breach notification and reporting regulations.  These comments will be used to inform the development of draft regulations which will be published for a period of further public comment via the Canada Gazette Part I.

ITAC is continuing to meet with ISED officials to advance the case for smart and practical data breach regulations