Breach Resources


Canadian Private Sector Data Breach Laws and Guidance

Private Sector Laws (non-health sector): Personal Information Protection and Electronic Documents Act (PIPEDA) and Alberta Personal Information Protection Act (Alberta)

Applies to
PIPEDA: Organizations that have control of personal information collected, used and/or disclosed in the course of a commercial activity; federal works, undertakings or businesses that have control of personal information collected, used and/or disclosed with respect to an applicant for employment or an employee
Alberta: All organizations that have control of personal information (including employee information) collected, used and/or disclosed in Alberta, whether for-profit or not-for-profit

Extraterritorial effect
PIPEDA: Judicially settled.
Alberta: Unclear. Alberta Commissioner takes the position it does.

Personal Information
PIPEDA: Any information about an identifiable individual
Alberta: Any information about an identifiable individual

Breach includes
PIPEDA: Loss, unauthorized access, unauthorized disclosure as a result of breach of security safeguards or failure to implement security safeguards
Alberta: Loss, unauthorized access or unauthorized disclosure

Good faith acquisition exempted
However, circumstances will be relevant to risk of harm analysis

However, circumstances will be relevant to risk of harm analysis
Safe harbour for encryption
However, circumstances will be relevant to risk of harm analysis

However, circumstances will be relevant to risk of harm analysis
Harms-based test for reporting (real risk of significant harm)
Harms include more than financial harm
Obligation to report to the Privacy Commissioner
Obligation to notify individuals notification required
Obligation to notify police
If it would assist in mitigating risk of harm

Resources published by regulators

Office of the Privacy Commissioner of Canada Resources

Alberta Information and Privacy Commissioner Resources

Security Breaches and PIPEDA – Answers to Questions You Asked

I was asked many questions by a very engaged audience prior to, during and after a 2018 LexisNexis Canada webinar on the new breach of security safeguards provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA). For the benefit of all, I’ve tackled those questions here.

Check back from time to time because I will update them with other interesting questions that I get asked. Also, don’t forget to check out the recorded version of the webinar.
