Security Breach Safeguard Regulations in Canada and EQUIFAX’s Mother of all Security Breaches: The timing is excellent!
The Government of Canada just published its proposed regulations for Breach of Security Safeguards. This regulation is proposed under Canada’s Personal Information Protection and Electronic Documents Act (affectionately known as “PIPEDA”).
This regulation comes out just a few days before Equifax announced that that it had 143 million of its records breached in the United States and an unknown number in Canada and the United Kingdom. (Have we noted that there is less disclosure in the less lawsuit-happy jurisdictions? I am sure it was just as bad, proportionately, but why add to the public relations misery)? Here is how they handled it by press release and video.
If these regulations were in force, they would have an obligation to advise the Office of the Privacy Commissioner “as soon as feasible” regarding any data breach that poses a “real risk of significant harm” to any individual whose personal information was breached.
A failure to do so may incur a fine of up to $100,000 and create a private right of action for those individuals who are affected by the data breach. There are a lot of other issues in the proposed regulation, including costs, and we’ll see what is left after the lobbyists, including those for Equifax, take a stab at convincing the government how to best implement this.
In my practice, I deal mostly in terms of financing and regulatory issues for my clients, but I also assure that governance issues are addressed and respected by my clients, some of whom are regulated entities. In terms of disclosure in securities matters, the breaches covered by this proposed regulation are the type of things that ideally need to be avoided, but if they do occur, they need to be addressed in accordance with the law to mitigate additional risk to the clients who are at risk. That is the best way to protect the employees, the officers directors and shareholders are not put at risk.
This may be boring to some, but it looks like it will be as fun as a barrel of monkeys (I apologize but I do not recall which toy company owns that trademark).
