TREND. Executive Agency for Data Security. 9 Point Data Breach Reporting.

Bonjour to Canada’s Privacy Commission, which oversees the data privacy of Canadians.

The Privacy Commissioner recommended these changes to national data security laws for 2016:

Data security breach reporting should include:

  • The company’s name;
  • Contact information for someone who can answer questions on the company’s behalf;
  • Description of the breach, including:
    • The estimated number of users affected;
    • The personal information leaked;
    • The date of the breach, if known, or an estimated date or date range if unknown;
  • A list of other organizations involved in the breach, such as affiliates or third-party processors;
  • An assessment of the risk faced by individuals as a result of the breach;
  • A description of any steps planned or taken to notify affected individuals, including:
    • A notification date;
    • Whether the party has been or will be notified, whether they will be notified directly or indirectly, and if indirectly notified, why (more on this below);
    • A copy of the notification;
  • A list of third-party organizations that were notified of the breach;
  • A description of measures the company has taken or will be taking to contain the breach and reduce its risk to affected users;
  • A description of the organization’s related safeguards, taking improvements against future breaches into account.