On November 1, 2018, new federal regulations will come into force that will require all organizations, including insurance brokers, to report breaches of security safeguards that pose a real risk of significant harm to individuals to the Privacy Commissioner and any individuals affected.
It will also require brokers to keep records (for a minimum period of 24 months) of all security safeguard breaches, regardless of whether they pose real risk of significant harm, or if they were reported to the Privacy Commissioner or individuals affected. These new data breach notification rules are required under the Digital Privacy Act, 2015, which amended the Personal Information Protection and Electronic Documents Act.
In response to these changes, IBAS and the Insurance Brokers Association of Canada have produced a guide to inform brokers of the new requirements, including reporting and storing requirements. It can be accessed by clicking here.
This information is also applicable to brokers’ commercial clients, and is free to be shared accordingly. Every broker, however, is unique — and any information provided in this guide must be considered in the context of your individual situation. This guide, including attachments and links, is not intended as legal advice. You should consult your individual legal advisors when considering these contents and when setting up your own systems of monitoring, reporting, and record-keeping.