November 7, 2018
Bev Cleveland, AVP, Compliance & Senior Legal Counsel, Canadian Credit Union Association
On November 1, 2018, new provisions in the Personal Information Protection and Electronic Documents Act (PIPEDA) related to breach of security safeguards came into force along with Breach of Security Safeguards Regulations.
A breach of security safeguards is defined in PIPEDA as “the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization's security safeguards ... or from a failure to establish those safeguards”.
Credit unions subject to PIPEDA will be required to keep a record of all breaches. When a breach poses a real risk of significant harm, sometimes called the ‘RROSH’ test, they are also required to:
- Notify the affected individual(s);
- Report the breach to the Privacy Commissioner;
- Inform organizations who may be able to reduce the risk of harm.
The Office of the Privacy Commissioner of Canada has recently released a Guidance on the new breach reporting rules, an overview of what organizations need to know about their obligations.
The Canadian Credit Union Association’s recorded webinars Privacy Breach Ready? Key Strategies for an Effective Breach Response Plan, and Federal Privacy Commissioner Guidelines: Revisiting your Data Collection Practices provide a comprehensive review of the new breach reporting rules and can be found at www.ccua.com/members/webinars (member login required).
Please contact Bev Cleveland or Brenda King if you have any questions.