Canada | Publication | September 29, 2020
In light of a recent Office of the Privacy Commissioner publication, companies should note the importance of sometimes-overlooked breach compliance activities, including documenting a data breach, and how implementing an effective breach management system can be an important compliance tool.
The federal Office of the Privacy Commissioner (OPC) recently published the 2019 Breach Record Inspection report (report)1 on how organizations are addressing personal information breach record keeping and notification obligations under the Personal Information Protection and Electronic Documents Act (PIPEDA).2 The report provides guidance for organizations on assessing and documenting a “real risk of significant harm” (RROSH), which triggers notification to the regulators and individuals.
A key takeaway from the report is the importance of organizations having a breach management system in place that consistently and appropriately assesses whether there is a RROSH if a breach occurs. Furthermore, a record-keeping system that sufficiently documents such assessment may serve as evidence of compliance with the mandatory breach notification.
PIPEDA requires not only that an organization report all RROSH breaches but that it record all breaches, whether reportable or not. In cases where no RROSH is found, an organization should also make sure enough detail about the RROSH assessment is documented for future investigation by the OPC. Some of the practices that the OPC described included:
Breach records must contain sufficient information for the OPC to verify an organization’s compliance with mandatory breach reporting and notification requirements. The report further describes the following practices with regard to record keeping:
In addition to including the above elements in its breach management system, the report recommends that organizations continually audit and improve these systems (including to ensure an organization’s staff are not under-reporting breaches). An organization may therefore want to review its current breach management system to ensure that it includes the elements outlined in the report, as well as procedures to continually audit and improve the same.
The authors wish to thank law student Roxanne Caron for her help in preparing this legal update.
© Norton Rose Fulbright LLP 2023