Mandatory Breach Reporting and/or Consumer Notification

Within 30 days
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Written Program for Protection & Security
  • Third Party: Specific Obligations
  • Third Party: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach notification laws:
  • Fines up to $100,000

Regulation Levels
  • Breach Reporting
  • Consumer Notification
  • Third Party Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • Privacy laws in Ontario are a mixture of federal laws and provincial laws.
  • PIPEDA is based on the 10 principles of fair information practice.
  • The Digital Privacy Act specifies what is now considered valid consent.
  • Breach reporting and consumer notification are mandatory.
  • Privacy-by-Design, now globally practiced, was developed by the Information and Privacy Commissioner of Ontario.
  • PIPEDA extends to employee personal information and health information only for organizations that are federally regulated, for example, banks, airlines, telecommunications and media.
  • PIPEDA may extend to an organization if personal information crosses provincial or national borders.
  • Some provinces and territories have health privacy laws that have not been declared substantially similar to PIPEDA; however, PIPEDA may still govern.
  • PIPEDA does not apply to not-for-profits, charities and other organizations not engaged in commercial activity, in which case provincial or territorial privacy legislation may apply.
  • PIPEDA is overseen by the Office of the Privacy Commissioner of Canada.
Statutes and Laws
  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Ontario’s Personal Health Information Protection Act (PHIPA)
  • Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA) and Ontario’s Municipal Freedom of Information and Protection of Privacy Act (MFIPPA)
  • Ontario’s Employment Standards Act (ESA)