The Government of Canada is seeking input from stakeholders on drafting data breach regulations. The Federal Personal Information Protection and Electronic Documents Act (PIPEDA) was amended in June 2015 to require organizations to report serious breaches of personal information. These new requirements will come into force once regulations on specific elements of the requirements are passed. The government has posted a discussion paper that outlines its regulatory authority and invites stakeholders to respond to questions under consideration in drafting the regulations.
The consultation period runs until May 31, 2016. Please see a copy of the discussion paper here. Comments can be submitted by by email or mail to:
Data Breach Consultations
Privacy and Data Protection Policy Directorate
Innovation, Science and Economic Development Canada
235 Queen Street
Ottawa, Ontario K1A 0H5