Mandatory Breach Reporting and/or Consumer Notification

Within 30 days
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Written Program for Protection & Security
  • Third Party: Specific Obligations
  • Third Parties: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach and notification laws
Fines up to $100,000

Regulation Levels
  • Breach Reporting
  • Consumer Notification
  • Third Party Management
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • Privacy laws in Ontario are a mixture of federal laws and provincial laws
  • PIPEDA is based on the 10 principles of fair information practice
  • The Digital Privacy Act specifies what is now considered valid consent
  • Breach reporting and consumer notification are mandatory
  • Privacy-by-Design, now globally practiced, was developed by the Information & Privacy Commissioner of Ontario
“BREAKING: As of Nov 2018, Canada Breach Reporting Law goes into effect.”
Statutes and Laws
  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Ontario’s Personal Health Information Protection Act (PHIPA)
  • Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA) and Ontario’s Municipal Freedom of Information and Protection of Privacy Act (MFIPPA)
  • Ontario’s Employment Standards Act (ESA)