Canada’s PIPEDA privacy law has applied to private sector organizations since 2001. New provisions in the country’s Personal Information Protection and Electronic Documents Act came into force Nov. 1. Organizations must now report all serious data breaches to the privacy watchdog. Canada’s Privacy Commissioner Daniel Therrien: “Mandatory breach reporting and notification will create an incentive for organizations to take security more seriously and bring enhanced transparency and accountability to how organizations manage personal information” Violators may be referred to an attorney general, which may decide to decide to prosecute.”]
Source: https://www.govinfosecurity.com/canadas-mandatory-breach-notification-rules-now-in-effect-a-11657