Canada’s PIPEDA privacy law has applied to private sector organizations since 2001. New provisions in the country’s Personal Information Protection and Electronic Documents Act came into force as of Nov. 1. Organizations must now report all serious data breaches to the privacy watchdog. Such records must be stored for at least two years, such as those of large and small organizations. The Office of the Privacy Commissioner (OPC) enforces the law by overseeing whether organizations are complying with the act’s obligations. “Mandatory breach reporting and notification will create an incentive for organizations to take security more seriously,” OPC says.”]
Source: https://www.cuinfosecurity.com/canadas-mandatory-breach-notification-rules-now-in-effect-a-11657