Major changes are expected for data breach reporting requirements in Canada. Is your organization ready?
Canadian organizations will soon be mandated by law to report cyber data breaches that cause significant harm to affected parties and regulators.
Is your organization in a cyber-defensible position?
Canadian organizations are in store for some major changes in the coming months to current data breach notification requirements.
The reality of data breaches is not “if” but “when”, however, according to our recent Canadian CEO Outlook, 87% of Canadian CEOs feel only somewhat prepared for a cyber-attack - and yet only 30% plan to invest in cyber security. This will have to change as organizations are discovering the hard way that affected parties will hold you accountable .
What to Expect
Bill S-4, the Digital Privacy Act, introduced some major amendments to the Canadian privacy act PIPEDA in June 2015. As per the new mandate, some expectations of organizations that experience a data breach include notifying individuals if they face any real risk of significant harm, reporting the breach to the Privacy Commissioner and more.
Preparing your organization
To help determine if your organization is prepared for these changes, take our quick five question assessment, and read our Cyber Watch report, where we break down all the new requirements and what you need to consider now to prepare your organization.
For more information, our Cyber Team can provide greater insight into Canadian data breach notification requirements and help define your organization’s cyber defensible position.
Cyber Emergency? Contact our 24/7 Cyber response hotline:
1-844-KPMG-911 / 1 (844) 576-4911
Make sure you are protected when the new legislation comes into effect