The Latest Opportunity in Cyber Coverage

As of this writing, Canada does not yet have a national data breach notification requirement. A handful of regional mandates exist, but their reach is limited, and most companies today are outside the data privacy compliance framework. That’s about to change, as the country prepares for the implementation of Bill S-4: the Digital Privacy Act.

The Government of Canada published regulations in September 2017 outlining the new mandatory data breach reporting requirements, but they have not yet come onto force. As for the specific timeline of implementation, the regulations say only: “To facilitate compliance with the new data breach reporting regime under PIPEDA, the proposed Regulations…allow for a lag period between the publication of final Regulations and their coming into force.”

Whenever the regulations do come into force, a sea change is coming to property and casualty (P&C) insurers across Canada. Not just because of the volume of customers seeking cyber and data breach coverage, but also because of the types of services and supports those business clients will require. With a huge opportunity in front of them, forward-looking carriers will want to prepare now to meet this new level of need.

Eduard Goodman, Global Privacy Officer, CyberScout

Back in 2000, the Personal Information Protection and Electronic Documents Act (PIPEDA) began setting out laws about the treatment and handling of personal information. The Digital Privacy Act of 2015 updated this earlier legislation and added mandatory breach-reporting requirements. In the latest round of rule-making, the Breach of Security Safeguards Regulations is prepared to put those regulations into action.

The regulations will bring Canada’s data privacy environment into close alignment with the both the United States and its state-led data breach notification model. More importantly, Canada’s legal environment will be aligned with the EU’s General Data Protection Regulation (GDPR) legislation, which is anticipated to take effect in May 2018.

The new mandate will give us many things to consider, but a handful are of particular interest to us here.

Read the full article in the Digital Edition of the February 2018 Canadian Underwriter.

Click here to subscribe to Canadian Underwriter, available free to qualified industry professionals.

Eduard Goodman, Global Privacy Officer, CyberScout