Personal Information Protection & Electronic Documents Act (PIPEDA)

Applicable to Business Owners – Effective November 1, 2018


As of November 1, 2018, new regulations have come into effect that require all organizations to report any breaches of security safeguards to the Privacy Commissioner and anyone else affected.  Significant harm includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, financial loss, identity theft, negative effects on credit record and/or damage to loss of property.  The Real Risk of Significant Harm is determined based on the sensitivity of the personal information involved in the breach and the probability of this information being misused in the past, or for it to be misused in the future.

What are Security Safeguards?

Measure used by the business to keep personal/sensitive information safe which includes the following:

  1. Physical: such as locked filing cabinets, restricted access in offices
  2. Organizational: security  clearances and limiting access on a “need to know” basis
  3. Technological: protection of passwords, banking, credit card data and personal information

What does this mean to you?

If any of your security safeguards are breached (e.g. lost, stolen or accessed) all businesses will now be required to report any real risk of significant harm to the Privacy Commissioner and those affected, and also maintain a record of ALL security safeguard breaches (regardless of reporting) for a period of 24 months.  Failure to do so can result in a fine from the Privacy Commissioner of up to $100,000.00 per individual.
Note, the new regulations also state that if your business does not currently have established security safeguards in place, this is also considered a security safeguard breach.

Some Questions for your business to consider on how to avoid Data Breaches:

  1. Do you have an action plan of when to report data breaches to the Privacy Commissioner of Canada?
  2. How will you notify your clients of the breach? What has been done to minimize the breach?
  3. With technology becoming the most widely used method to store your client’s information, do you currently carry a Cyber insurance policy to cover any loss from a technology or data breach?

At Park Georgia Insurance/ Ben Jones Insurance/ Metrotown Dason Insurance, we are here to support you and your organization with any questions you may have regarding this new legislation. In addition, we also offer a variety of Cyber Insurance solutions that can
help your business handle a security breach and help you notify your clients of a potential data breach for your company. Due to the nature of this new legislation, we our encouraging our clients to look into obtaining Cyber coverage for their business. Please contact us if you would like to learn more about some of the Cyber products that we offer.

Detailed Guide from the Office of the Privacy Commissioner: