Expect to read a lot more about data breaches in the coming year. A lot more.
New changes to Canadian privacy law will require companies to disclose more information about cyber-attacks and be more proactive about disclosing potential risks that may leave them vulnerable.
The Canadian Securities Administrators (CSA), researched how 240 public companies disclosed information regarding ransomware and 40% of companies failed to address cybersecurity risks.
The new legislation will require companies to immediately report breaches along with details about the information that was lost and how the attacker gained access. This information will be given to the Office of the Privacy Commissioner of Canada, who will determine if the information should be released publicly. Companies will also be required to keep a record of breaches and their findings. Failure to do so will result in major fines up to $100,000. CBC News predicts the number of reported attacks will skyrocket due to the new guidelines, resulting in more transparency and improved protection moving forward.
Read more on CBC.ca