Data breaches are an unfortunate reality of modern life. From major corporations to small businesses, no organisation is immune — and when a breach happens, your personal information may be at risk. Here is what you need to know and what you should do.
What Is a Data Breach?
A data breach occurs when personal information — such as your name, email, Social Insurance Number (SIN), credit card numbers, or health records — is accessed, disclosed, or lost without authorisation. Breaches can result from hacking, employee error, lost devices, or system vulnerabilities.
Canada's Data Breach Notification Laws
Under PIPEDA (the Personal Information Protection and Electronic Documents Act), organisations that experience a breach posing a "real risk of significant harm" are required to:
1. Report to the Office of the Privacy Commissioner (OPC) — The organisation must submit a detailed report about the breach.
2. Notify affected individuals — Direct notification must be provided, with enough information for you to understand the risk and take protective action.
3. Notify other organisations — If another organisation or government body could help mitigate the harm, they must be notified as well.
Provincial laws in Quebec, Alberta, and British Columbia add additional requirements and, in some cases, stricter penalties.
What to Do If Your Information Is Compromised
1. Change Your Passwords Immediately
Update the passwords for all affected accounts — and any other accounts where you used the same password. Use strong, unique passwords and enable multi-factor authentication wherever possible.
2. Monitor Your Financial Accounts
Check your bank accounts, credit cards, and other financial accounts for unauthorised transactions. Set up transaction alerts so you are notified of any activity in real time.
3. Check Your Credit Reports
Request your credit reports from both Equifax and TransUnion. Look for accounts you did not open, inquiries you did not authorise, and any changes to your personal information.
4. Place a Fraud Alert
Contact Equifax and TransUnion to place a fraud alert on your credit file. This notifies lenders to take extra steps to verify your identity before opening new accounts.
5. Report the Breach
6. Keep Detailed Records
Document everything — notifications you received, accounts you contacted, police file numbers, and any financial losses. This documentation will be important if you need to dispute charges or file insurance claims.
How an Identity Theft Protection Plan Can Help
An Identity Theft Protection Plan provides comprehensive monitoring, restoration support, and insurance coverage to help you recover from a data breach and protect yourself from future threats.
Ready to Get Protected?
Get affordable legal protection today. Choose your location to explore Identity Theft Protection Plans.