New regulations proposed by the federal government would impose fines on Canadian companies that hide data security breaches.
The new regulations are part of the Digital Privacy Act (also known as Bill S-4), which amended the Personal Information Protection and Electronic Documents Act (PIPEDA). The proposed data breach requirements would make it mandatory for companies to comply with specific reporting standards and to assess the level of harm the breach causes to the individual. Currently, depending on provincial regulation, companies are not required to disclose this information.
The fines under the proposed regulations would vary depending on the type and severity of the breach, with fines up to $10,000 for a summary offence and up to $100,000 for an indictable offence.
Members should stay aware of the situation as it progresses. Currently, no new regulations have been passed, but this is something to bear in mind with regard to subscriber data.