top of page

Study on the Effectiveness of Data Breach Notification Laws in Canada

Prof. Nicolas Vermeys

Prof. Nicolas Vermeys

Prof. Nicolas Vermeys’ work examines data breach notification rules in Canada, both on a federal level, and in those provinces that adopted such rules (Quebec and Alberta). His research examines when public bodies and private organizations must notify authorities or affected individuals after a security breach, and how these same organizations understand their obligations when data has been compromised.

 

A central finding of his work is that current data breach notification rules are too closely tied to privacy legislation. Because these rules generally apply only when personal information is involved, other forms of confidential or sensitive data may fall outside notification requirements, even when a breach could still have serious consequences. Prof. Vermeys argues that breach notification should be treated not only as a privacy issue, but also as a broader information security issue.

 

His research also highlights inconsistencies in how organizations interpret and report breaches. Some incidents that appear minor are formally reported, while other significant breaches may not be communicated to authorities. Prof. Vermeys points to the need for clearer legislative guidance, more consistent reporting standards, and greater awareness among organizations of their notification obligations. His work offers practical insight for legislators, regulators, public bodies, and companies seeking to improve Canada’s approach to data breach response.

3744, Jean-Brillant Street, Montréal, Québec

© 2024 by HC2P. All rights Reserved.

bottom of page