Googling is cyber insurance is mandatory in Canada? We can help.
Change is the air. As a Canadian business leader, it’s vitally important for you to keep current and aware of what rules and regulations can and do apply to your day-to-day operations. Keeping your business and customers’ digital data secure is just one reason why you may be googling “is cyber insurance mandatory in Canada?” The reality is that things changed on November 1, 2018, when PIPEDA – the Personal Protection and Electronic Documents Act – came into effect across Canada.
PIPEDA and mandatory cyber breach reporting requirements in Canada
In short, every single Canadian business needs to be aware of this act. Large and small businesses alike are “subject to PIPEDA requirements to report and notify breaches of security safeguards that pose a real risk of significant harm, and to keep records of all breaches of security safeguards.”1
Managed by the Office of the Privacy Commissioner of Canada, this act requires organizations that are subject to PIPEDA to:
- “report to the Privacy Commissioner of Canada breaches of security safeguards involving personal information that pose a real risk of significant harm to individuals
- notify affected individuals about those breaches, and
- keep records of all breaches.”2
PIPEDA puts more specific obligations on commercial businesses to manage breaches of digital data that may result after a hacker attack. A breach of security safeguards is defined as: “the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards that are referred to in clause 4.7 of Schedule 1 of PIPEDA, or from a failure to establish those safeguards.”3
And, if an organization should knowingly contravene PIPEDA’s record-keeping, reporting and notification requirements regarding a security breach, fines could result.4 More on that here.
Canadian businesses are already worried about safeguarding digital data. And rightly so. Small Business Authority, Symantec and the National Cyber Security Alliance surveys suggest that almost 60 per cent of small businesses victimized by a cyber attack closed permanently within six months of the security breach event.5
Cyber insurance delivers the liability coverage that your business needs
Mandatory cyber breach reporting requirements are yet another risk that Canadian businesses of every size must manage. A hacker can put you and your customers’ data at extreme risk when you are least expecting it.
Even with the best firewalls and IT practices in place, PIPEDA is why Canadian business leaders now consider cyber insurance mandatory when it comes to commercial coverage. Regardless of where your business is located – be it bricks and mortar, online or both – one day you may find it targeted by hackers.
Thankfully, ALIGNED online cyber insurance is available to help manage the cyber exposures commonly faced by Canadian commercial businesses. With access to online commercial insurance in just a few clicks, it is fast, easy and simple to buy the specific cyber insurance you need.
If you have concerns about how changing privacy regulations might make cyber insurance mandatory instead of optional for commercial businesses our brokers are here to help. We take pride in helping Canadian businesses of all sizes successfully navigate coverage options including cyber liability insurance.
Source(s): 1,2,3,4 Office of the Privacy Commissioner of Canada: What you need to know about mandatory reporting of breaches of security safeguards; 5 ALIGNED Insurance: Cyber security for a small business in Canada
