Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more

Understanding Canada: Ontario’s New Medical Breach Notification Provision (and Other Canadian Data Privacy Facts)

Remember Canada’s profusion of data privacy laws? The Personal Information Protection and Electronic Documents Act (PIPEDA) is the law that covers all commercial organizations across Canada. Canadian federal government agencies,...
Michael Buckbee
1 min read
Published July 27, 2016
Last updated October 21, 2021

Remember Canada’s profusion of data privacy laws?

The Personal Information Protection and Electronic Documents Act (PIPEDA) is the law that covers all commercial organizations across Canada.

Canadian federal government agencies, though, are under a different law known as the Privacy Act.

But then there are overriding laws at the provincial level.

If a Canadian province adopts substantially similar data privacy legislation to PIPEDA, then a local organization would instead fall under the provincial law.

To date, Alberta and British Columbia have adopted their own laws, each known as the Personal Information Protection Act (PIPA). Alors, Québec has its own data privacy law.

Adding to the plenitude of provincial privacy laws, Ontario, New Brunswick, and Newfoundland have adopted similar privacy legislation with regard to health records.

Ontario’s PHIPA

So that brings us to Ontario’s Personal Health Information Protection Act (PHIPA).  Recently, PHIPA was amended to include a breach notification provision.

If personal health information is “stolen or lost or if it is used or disclosed without authority”, a healthcare organization in Ontario will have to notify the consumer “at the first reasonable opportunity”, as well as the provincial government.

Alberta, by the way, has had a breach notification requirement for all personal data since 2010.

What About Breach Notification at the Federal Level?

In June 2015, the Digital Privacy Act amended PIPEDA to include breach notification. Organizations must notify affected individuals and the Privacy Commissioner of Canada when there is a breach that creates a “real risk of significant harm” to an individual.

Notice that the federal law has a risk threshold for exposed personal information, whereas the new Ontario law for health records doesn’t. Alberta’s breach notification requirement, by the way, has a similar risk threshold to PIPEDA

Confused by all this? Get a good Canadian privacy lawyer!

Don’t be confused by how to detect and stop breaches! Learn more about Varonis DatAlert.

 

 

 

 

 

 

 

 

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

canada’s-pipeda-breach-notification-regulations-are-finalized!
Canada’s PIPEDA Breach Notification Regulations Are Finalized!
While the US — post-Target, post-Sony, post-OPM, post-Equifax — still doesn’t have a national data security law, things are different north of the border. Canada, like the rest of the...
cybercrime-laws-get-serious:-canada’s-pipeda-and-ccirc
Cybercrime Laws Get Serious: Canada’s PIPEDA and CCIRC
In this series on governmental responses to cybercrime, we’re taking a look at how countries through their laws are dealing with broad attacks against IT infrastructure beyond just data theft....
gdpr-by-any-other-name:-the-uk’s-new-data-protection-bill
GDPR By Any Other Name: The UK’s New Data Protection Bill
Last month, the UK published the final version of a law to replace its current data security and privacy rules. For those who haven’t been following the Brexit drama now...
what-the-h**l-does-reasonable-data-security-really-mean?
What the H**L Does Reasonable Data Security Really Mean?
For anyone who’s spent time looking at data security laws and regulations, you can’t help but come across the words “reasonable security”, or its close cousin “appropriate security”.  You can...