Law Group Examines Breach Notification Requirements
PRIVACY LAW—CANADAMarch 24, 2010
When it comes to notification requirements for security breaches involving Canadian data, federal and provincial privacy commissioners have established guidelines for companies to follow in the event of data loss or theft. W. Scott Blackener of Information Law Group points out that while Canada does not have the legally enforceable breach notice statutes in place in the U.S., "courts are likely to defer to the expert commissions and consult the guidelines in deciding whether an organization suffering a security breach has violated PIPEDA or a provincial PIPA, or whether the organization has met contractual expectations or a duty of reasonable care under tort law." Blackener also points out that Special Commissions at the federal level and in the provinces of Alberta and British Columbia have recommended amending privacy legislation to mandate notification of material security breaches.