Why does the new legal obligation to disclose data breach in Canada matters to your board?

The Canadian government has announced that starting November 1st 2018 Canadian businesses will have to report data breach to affected individuals and to the Office of the Privacy Commissioner of Canada. There are also new record-keeping requirements regarding data breach that organizations must follow. Although Alberta and Quebec are not covered under PIPEDA, it is expected they will both adopt similar requirements. As a board member, you should discuss whether you are impacted by these new requirements and if anything must be put in place to comply with them. Non-compliance could result in increasing reputation and financial risks to the organisation. Canadian businesses that collect data from European countries are also affected by changes to the GDPR enforced since May 2018 that include fines for non-compliant organisation of up to 4% of revenues. Data protection is definitely a topic to discuss at your next board meeting.