Forensic Data Recovery Experts

What is this mandatory breach reporting about?

Mandatory breach reporting emerged in Canada, on the 1st of November 2018, completely unexpected. The PIPEDA, short for Personal Information Protection and Electronic Documents Act states that all foreign or domestic organizations in Canada are required to report any security breaches on their systems. First and foremost, it is mandatory for companies to notify any individual that was affected by the security breach (no time requirement as of yet).

The main requirement that the whole breach reporting revolves around refers to the “breach of security safeguards”. The PIPEDA explains that a breach of security standards is one of two things:

  • Either the company’s failure to implement and enforce the proper security standards


  • The unauthorized disclosure and/or access to personal data of one or more individuals

The fines resulted from the inobservance of this regulation are quite hefty as well – around $100.000. We, at TCS Forensics, can help you determine whether your security systems are in order, thus mitigating any risks of receiving a fine. Moreover, if there’s something wrong with your security system, we will file a detailed report where we describe the potential issues as well as recommend relevant solutions.

Specific requirements about privacy breach

If you want your company to fully abide by the Personal Information Protection and Electronic Documents Act, there are three mandatory requirements you must follow:

  • Announce the affected individuals of the security breach
  • Report the security and privacy breaches to the Canadian Office of the Privacy Commissioner
  • Always keep certain records related to the privacy breaches

As we said before, there’s currently no specific time requirement for a report to be made. However, the PIPEDA states that it should be made as soon as possible after the security breach takes place. Evidently, particular circumstances might compel you to delay a report, depending on the case. Contact us for more information on these specific circumstances and how they apply in most cases.

As for the specific records you are required to keep about security breaches, they are:

  • The type of information involved in the security breach
  • The date of the breach
  • Whether the breach was reported to the Canadian privacy commissioner and the involved individuals
  • A short explanation of the reasons why a company considered there was no need to report the breach to the privacy commissioner or the involved individuals
  • The circumstances of the security breach

Highly professional standards and reliable methods

We, at TCS Forensics, are not your run-of-the-mill security advisers who lack a greater perspective on things. We have been working in this field for a long time, and we’ve always provided excellent services to our clients. This implies utmost response efficiency, detailed reports and consultations, as well as the top performance and knowledge of our team.

Our experts know everything about security regulations, forensic techniques, penetration testing as well as legal requirements. We employ professional standards of the highest level which the FBI and RCMP use as well. Therefore, whatever security alterations we recommend are entirely within the boundaries of the law, mitigating any risks for our clients.

TCS Forensics is at your disposal 24/7. Even more so after Canada’s mandatory breach reporting requirements emerged. We’re here to answer any questions you have about potential security breaches, chinks in your security system, and more. Contact us now if you want an expert counsel on your firm’s security systems, and whether they observe the mandatory breach reporting regulations in Canada!

Contact us for a free consultation:

Tel: (604) 370-4336


If you have any questions please complete the form below to contact us & I will be sure to get back to you.
Keith Perrin

Keith Perrin
Chief Executive Officer

Unit 125 – 3751 Jacombs Rd.
Richmond, BC
V6V 2R4
Tel: (604) 370-4336

  • This field is for validation purposes and should be left unchanged.

Our Certifications