Canadian Underwriter

Paid Digital Privacy Act changes are coming. Are you prepared?

December 12, 2017   by CyberScout

Print this page Share

For Canadian organizations, as well as organizations doing business in Canada, a dramatic shift to privacy and cyber security regulations is looming. The amendment to Canada’s Personal Information Protection and Electronic Document Act (PIPEDA), the federal privacy law for private-sector organizations, is expected to take effect in late 2017. Under this amendment, also known as The Digital Privacy Act, organizations that experience a data breach but neglect their responsibilities as outlined in this act could quickly find themselves in hot water with regulators and customers alike, not to mention facing steep fines.

If you aren’t up to date on what’s happening with PIPEDA and The Digital Privacy Act, this article highlights the implications of the new regulations on businesses along with how insurers and businesses need to prepare.

A quick refresh on PIPEDA

PIPEDA was enacted in 2000 and was intended to “set ground rules for how private-sector organizations collect, use or disclose personal information in the course of commercial activities across Canada.” The legislation was created to promote customer trust in e-commerce by setting a baseline of privacy protections for consumers. Given the rapid evolution of technology and commerce, parliament knew that the legislation would require regular updates. The Digital Privacy Act was created in response to growing data breach challenges in Canada and abroad. Not only does it mandate a new framework for breach reporting, notification and record keeping, it also clarifies key points around consent, the Privacy Commissioner’s powers and more.

Although parliament passed the Digital Privacy Act in 2015, time was needed to develop processes and procedures around new regulations. Enforcement had been postponed, but is expected at any time. With this looming change, it’s time for

Request Your FREE White Paper

insurers and businesses to prepare for the new guidance. Once the guidance is released, breach reporting, notification and record keeping under the Digital Privacy Act will be particularly important for insurers and businesses to understand.

Considering the potential impact   

Data breaches around the world have grown to epidemic proportions in recent years. Consider the 160% year-over-year growth in Canada, or the fact that 37 million records were exposed in the U.S. in 2016 alone. A difficult reality to face is that 25% of data breaches are due to human error among employees or contractors.   Bearing in mind the new regulations, these stats should be a wakeup call for Canadian businesses. Why? Because new regulations under the Digital Privacy Act will increase consumer visibility into breach events. Moreover, under the new regulations, your business or your policyholders could also face noncompliance fines of up to CAD$100,000.

Moving forward with confidence

Although the final guidance hasn’t been released, it’s time to get up to speed. Download our complimentary white paper that covers:

  • The increasing frequency and costs of data breaches
  • The legal considerations that led to the amendment
  • How the act will impact businesses and insurers
  • Tips for complying

CyberScout is standing by to help.

Data breaches are an ugly fact of life of doing business in the Internet era. In addition to taking the right prevention steps, quick responses are critical. The upcoming regulatory changes with the Digital Privacy Act means that Canadian businesses need to be on top of the challenges.

Request Your FREE White Paper


Complete this form to request your white paper. We’ll send the download link to your inbox.

  • Your email address will be shared with CyberScout LLP for marketing purposes. You can opt out at any time.

Print this page Share

Have your say:

Your email address will not be published. Required fields are marked *