Who are the ‘right people’ to respond to cyber incidents?


Properly trained employees are critical to managing cyber risk, especially with the nationwide breach reporting law taking effect this fall, brokers and risk consultants told insurance professionals at a recent conference.

On November 1, several new sections – including one mandating privacy breach reporting – of the federal Personal Information Protection and Electronic Documents Act take effect.

The section on mandatory breach notification was originally passed into law in 2015 with Bill S-4, the Digital Privacy Act.

The Digital Privacy Act stipulates that an organization having a breach of personal information under its control must report that breach both to the federal privacy commissioner and to the affected individuals if it is “reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual.” This means a rule that already exists in Alberta under provincial law will apply Canada-wide.

Failure to comply can, in essence, result in a $100,000 administrative monetary penalty for every affected person an organization fails to notify.

This means organizations will “have to make a self reporting…

