On March 9, 2016 the Department of Innovation, Science and Economic Development Canada released a discussion paper on the new data breach regulations being proposed. The Ministry is accepting public submissions until May 31, 2016 on the proposed Data Breach Notification and Reporting Regulations.
I recently read an interesting case made by the Office of the Privacy Commissioner of Canada (decision 2014 – 014) stating that under subsection 5(3) of the Personal Information Protection and Electronic Documents Act (PIPEDA) that the employer’s purposes for disclosing the employee’s personal information regarding his medical leave were not appropriate in the circumstances and were not necessary for the organization to meet its employee schedule management needs in the context of its work environment.
The increasing cyber security threat continues to raise a series of privacy risks for organizations. The Office of the Privacy Commissioner of Canada (OPC) has been regularly focusing on cyber security in letters of findings and guidance and, most recently, in a report, entitled “Privacy and Cyber Security: Emphasizing privacy protection in cyber security activities”.