Question 7

Question

A federally regulated company based in Ontario has customers in Ontario, Quebec, New Brunswick,
Alberta and British Columbi
a. Unfortunately, a third-party vendor that provides marketing support to the company experiences a
privacy breach which impacts the personal information of all its customers across the provinces
where it operates.
The Privacy Officer determines that the breach causes a real risk of significant harm to their
customers and is tasked with reporting the breach to the relevant regulators.
With which provincial privacy regulators does the company have to file a report?

Accepted Answer

It is unnecessary to file a report with any provinces because the company is federally regulated

Amelia M. · Answer

A imo

Neha Y. · Answer

A not B

Grace K. · Answer

I'm going with A, but if employee records were involved, maybe not.

SteadyArchitect1495 · Answer

Man, I wish they'd make questions like this clearer about carve-outs. But yeah, A is correct-if it's a federally regulated org like a bank or telecom, PIPEDA governs breach reporting, so no provincial filings required. Unless it's special categories like health data (which isn't mentioned here), only the federal privacy commissioner gets the notification. Pretty sure that's what most exam reports say.

FriendlyReviewer1027 · Answer

I don't think B is right, since PIPEDA applies for federally regulated orgs even across provinces. A.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE