Law Times interviewed Wendy Mee, Partner in the Blakes Intellectual Property and Privacy groups, about new mandatory data-breach reporting rules expected to come into effect in Canada in November 2018.

Mee says Canada’s new mandatory data-breach reporting rules have a similar objective to the EU’s General Data Protection Regulation (GDPR) requirements, which take effect May 2018, and bridge what could have been a gap between the EU and Canada’s requirements. 

“We need a federal data-breach reporting regime, if for nothing else but to improve the likelihood that we will continue to be adequate under the GDPR in Europe,” Mee says.

Under the GDPR, European companies can transfer data to organizations in Canada that are subject to the Personal Information and Electronic Documents Act (PIPEDA) because PIPEDA meets the EU’s adequacy threshold,  but that decision is up for review.

“It’s a good thing for the Canadian economy so we want to keep that,” Mee says.