Data privacy in M&A: new reporting and notification requirements

It is time for organizations to think ahead and prepare for new requirements imposed under the Digital Privacy Act (formerly known as Bill S-4). The new requirements, which will result in significant amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA), will come into force on November 1, 2018. The new requirements impose mandatory reporting and notification for data breaches. Once in force, organizations subject to PIPEDA will be required to notify the Privacy Commissioner of Canada (the Commissioner) and affected individuals in the event of a data breach. Organizations must do so if the breach could reasonably create a risk of significant harm to an individual. Notification  must be provided as soon as feasible once the breach has occurred, and must contain enough information for the individual to understand the significance of the breach. Failure to notify the Commissioner or affected individuals could result in fines of…

Read more detail on Recent Corporate Law Department posts –

This entry was posted in Corporate Law and tagged , , , , , . Bookmark the permalink.

Leave a Reply