Man, I wish they'd make questions like this clearer about carve-outs. But yeah, A is correct-if it's a federally regulated org like a bank or telecom, PIPEDA governs breach reporting, so no provincial filings required. Unless it's special categories like health data (which isn't mentioned here), only the federal privacy commissioner gets the notification. Pretty sure that's what most exam reports say.
I don’t think it’s B. A fits because if the company is federally regulated, then PIPEDA covers breach notification, so provincial reporting isn’t needed except for some special cases (like certain health info or specific employee context, which isn't mentioned here). Unless more details are added, pretty confident about A here. Disagree?
Pretty sure it's A. Federally regulated companies fall under PIPEDA for breach reporting, not the provincial laws, unless it's health or certain employee data (which isn't mentioned). Correct me if I'm missing something but that's how it usually works on these exams.