“Reports of data breaches in Canada will “skyrocket” this year, Kevvie Fowler, KPMG’s national leader of cyber response in Canada, has predicted to the CBC.
Upcoming changes in Canadian privacy law, as well as guidance from the Canadian Securities Administrators (CSA), will force companies to be more transparent about cyberattacks than they have in the past, as well as outline the risk for potential compromised data in the future. The Digital Privacy Act, passed in June 2015, requires data breach notification and reporting regulations to become part of privacy law.
The Act was supposed to take effect in “early 2017,” according to the government, but industry experts expect this to happen by the fourth quarter of the year. Following that, organizations will now have to log all breaches and notify users of any breach that could pose “a real risk or significant harm.”
This could include letting users know about compromises in information such as names and addresses, credit card data, previous online shopping orders and security questions and passwords. Failure to handle these breaches accordingly can result in fines of up to $100,000 CAD.”
Author: Bradly Shankar