On November 1, 2018, Canadian businesses became subject to new regulations under the Personal Information Protection and Electronic Documents Act (PIPEDA) involving mandatory breach reporting, and a year after PIPEDA was implemented, the Office of the Privacy Commissioner of Canada received 680 breach reports, six times the volume it received during the same period a year earlier. The most common type of breach (accounting for 58% of those reported) was unauthorized access, followed by accidental disclosure, loss and theft.
“Now, when organizations have a (breach) event (that poses a significant harm to individuals), they have to report it to the Privacy Commissioner of Canada, and the impacted individuals,” said Brian Lapidus, Global Practice Leader in the Identity Theft and Breach Notification practice of Kroll, a division of Duff & Phelps, in an article for Insurance Business Canada. This has led to a growing number of individuals seeking small claims in the consumer identity theft policies market. He further discusses the challenges organizations face when they prematurely notify breach events and highlighted the launch of Kroll’s dark web monitoring capabilities in Canada armed with cyber professionals to help organizations better run breach investigations.
Read the full article here.
Watch Brian discuss how his team helps their clients manage the myriad of global complexities around privacy and security, including PIPEDA.
