Site Search

Loading Results

Get ready for mandatory breach notification in Canada

Canada now has mandatory privacy breach legislation in place at the federal level. Effective November 1, 2018, companies subject to Canada’s privacy law, the Personal Information Protection and Electronic Documents Act, will be required to record and report breaches of security safeguards. The new breach rules may require changes to your breach management and privacy practices.

What’s changing

The breach of security safeguards regulation, introduced through the Digital Privacy Act, includes three main requirements:

Breach notification

Report to the Office of the Privacy Commissioner of Canada (OPC) and notify affected individuals and third parties (who can mitigate harm) of a breach.

Record keeping

Retain records of all data breaches and share them with the OPC on demand.

Risk assessment

Determine if it’s a breach of security safeguards and whether it poses a real risk of significant harm.

Why prepare?

By establishing or enhancing your breach response plan and broader privacy program, you can:

Improve your competitive advantage by enhancing customer trust and loyalty, heightening privacy awareness across the company and achieving greater efficiency among the privacy, security, information technology and data governance functions

Reduce risk, as responding poorly to a breach may lead to increased regulatory scrutiny (such as an investigation, audit, review of the entire privacy program and sanctions), financial penalties (such as fines, lost shareholder value or lawsuits) and a reputational hit (through reduced customer trust, brand value and revenue)

Managing privacy and risk in a digital world

We sit down with Pamela Snively, Chief Data & Trust officer at TELUS, for expert insights on embracing innovation while protecting customer privacy.
 

Listen now

What can you do?

Mandatory breach regulation readiness assessment tool

Understand your current state of preparedness and how you compare to your peers. Get valuable insights into the work needed to get to your goal or demonstrate due diligence in your preparation efforts. The tool helps to:

  • Answer key questions: The tool features a comprehensive set of questions related to the breach of security safeguards regulations.

  • Assess breach response readiness: Responses are assessed according to regulatory requirements, practical experience and industry practice.

  • Understand maturity level: Each component of the assessment is linked to a maturity level in order to assess current operating state.

Establish your baseline

A breach program baseline includes:

  • risk assessments, data inventory and mapping and program development

  • examining incident and breach response policies, processes and procedures

  • breach response plans, including mock breach events

  • assessing insider threats

  • training and awareness programs

Respond effectively to a breach

What are the options to manage a breach?

  • Privacy as a Service (PraaS): outsourced privacy office support, breach response procedures, training and risk assessments

  • Security and privacy operations centre services: an integrated approach encompassing both cyber and regulatory responses to incidents

  • Cyber incident response services: incident response and threat detection, compromise discovery and ongoing support through reporting, analysis, notification and outcome

Learn more about how PwC can help you prepare for mandatory breach notification

{{filterContent.facetedTitle}}

{{contentList.dataService.numberHits}} {{contentList.dataService.numberHits == 1 ? 'result' : 'results'}}
{{contentList.loadingText}}
{{contentList.loadingText}}
{{contentList.viewAllLabel}}

Contact us

PwC has an experienced privacy team with global reach and proven tools and accelerators to help you get ready. Contact us to find out more.

​Jordan Prokopy

National Data Trust & Privacy Practice Leader, Toronto, PwC Canada

+1 416 869 2384

Email

Related Content

Follow PwC Canada
Today's issues Top issues Acquisitions and Divestitures Building trust for today and tomorrow Compliance. Transformed. Crisis Cybersecurity, Privacy and Financial Crime Environmental, social and governance (ESG) Fit for Growth Future of finance Generative AI Workforce of the future
Insights All Insights Blogs CEO survey Cloud Technology Insights Director connect Generative AI Hub Podcasts Risk and Regulatory Hub Smart cities Strategy& strategy+business
Industries Industries Asset management Automotive Banking & capital markets Cannabis Consumer markets Energy Entertainment and media Financial services Government and Public Services Healthcare Industrial manufacturing Insurance Mining Power & utilities Private equity Real estate Technology sector Telecommunications innovation Transportation and logistics
Services Services Accounting Advisory Services Alliances Audit and Assurance Consulting Crisis and resilience Current Insolvency Assignments Data and analytics Deals Forensic Services Japanese Business Network Legal Managed Services Products PwC Private Risk Assurance Risk Modelling Services Tax Transformation and investment management
About us About Us 2023 new partners Board of directors Alumni Contact us Corporate responsibility Ethics and Code of Conduct Inclusion and diversity Our Canadian leadership team Our history Our offices locations Our people Our purpose, vision and values Press releases Procurement at PwC The New Equation Women in Leadership
Careers Careers Explore our business areas Student and new graduate opportunities Life at PwC Canada Benefits, flexibility and wellness Talent Community

© 2018 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.