Mandatory data breach notifications in Canada | KPMG | CA
Share with your friends

Mandatory data breach reporting changes: Is your organization ready?

Mandatory data breach notification requirement changes

Make sure you are protected when the new legislation comes into effect

Make sure you are protected when the new legislation comes into effect

Canadian organizations will soon be mandated by law to report cyber data breaches that cause significant harm to affected parties and regulators.


Is your organization in a cyber-defensible position?

Canadian organizations are in store for some major changes in the coming months to current data breach notification requirements.

The reality of data breaches is not “if” but “when”, however, according to our recent Canadian CEO Outlook, 87% of Canadian CEOs feel only somewhat prepared for a cyber-attack - and yet only 30% plan to invest in cyber security. This will have to change as organizations are discovering the hard way that affected parties will hold you accountable.


What to expect

Bill S-4, the Digital Privacy Act, introduced some major amendments to the Canadian privacy act PIPEDA in June 2016. As per the new mandate, some expectations of organizations that experience a data breach include notifying individuals if they face any real risk of significant harm, reporting the breach to the Privacy Commissioner and more.


Preparing your organization

To help determine if your organization is prepared for these changes, take our quick five question assessment

After completing the assessment, you will have access to our exclusive Cyber Watch report, where we break down all the new requirements and what you need to consider now to prepare your organization.


Our Cyber Team can provide greater insight into Canadian data breach notification requirements and help define your organization’s cyber defensible position.

Cyber Emergency? Contact our 24/7 Cyber response hotline:

1-844-KPMG-911 / 1 (844) 576-4911

Connect with us