The Digital Privacy Act (Bill S-4)

The Digital Privacy Act (Bill S-4)

What businesses should know about new data breach notification laws

Businesses are required to report data breaches involving individuals' personal information.

In the event of a material data breach, businesses are required to notify affected individuals and The Privacy Commissioner.
Businesses of all sizes are required to report data breaches.

All organizations are vulnerable: 62 percent of security breaches occur in small to mid-sized businesses (Symantec Internet Security Threat Report).

Examples of small business data breaches:

  •  Theft of a computer from an accountant's office exposed tax records of 800 clients.
  •  An employee of a medical office lost a computer thumb drive containing 1,200 files.
  •  Identity thieves accessed financial records of 2,000 investment clients through employee-installed peer-to-peer software.

What can a data breach cost* per affected individual?

Direct cost - $108:

  •  Legal review, forensic IT, preparation of notification letters, identity fraud alert services Indirect cost - $147:
  • Time, effort and other organizational resources spent to resolve the breach
  • Reputational loss and customer churn are additional consequences Ponemon Institute, Cost of Data Breach Study Canada, 2017

Typically, commercial property and liability policies may not cover data breach costs.

BI&I data breach coverage pays for costs of notification and response.
Policyholders receive free access to eRiskHub® data breach risk management tools.
Coverage also pays for services to affected individuals, such as fraud alert and identity recovery case management.

  • If you are a broker and would like to quote data breach coverage, visit biiconnect.com
  • If you are a client company and would like to know more about HSB BI&I data breach coverage, contact our reinsurance representative.

If you are a broker and would like to quote data breach coverage

If you are a client company and would like to know more about HSB BI&I data breach coverage

We use cookies on our websites to improve your experience as an internet user, and to optimise our online services. They comprise cookies that are required for technical purposes, and without which the website functionality could not be guaranteed. We also employ cookies to carry out statistical evaluations of the reach of our websites. These evaluations are anonymised. You can find further information on the cookies we use, and ways to object to the use of cookies for statistical evaluations, in our cookie guidelines.