Skip to content

Canada Privacy Reformation: The Bill C-26

Article by Tsaaro

7 min read

Canada Privacy Reformation: The Bill C-26

The Great White North, or as we call it, Canada, has been dealing with a rise of malicious cyber activity, ranging from cyber-attacks to ransomware, and has spent approximately $4.8 billion on cybersecurity. Several of these attacks go unreported, and almost half of those reported have targeted critical infrastructure organisations. Amidst all this, Marco Mendicino, The Minister of Public Safety, has introduced new legislation named An act respecting cyber security Bill C-26. The Bill aims to bolster cyber security norms in key federally regulated sectors. As Canada does not have an explicit legal mechanism to address such threats, the bill would empower the regulators to impose fines or issue summary convictions to ensure compliance.

Currently, the bill includes four critical infrastructure sectors – Telecommunications, Finance, Energy, and Transportation – and would require the companies in these sectors to toughen their cyber-security and confidentially share cyber threat information with the state. Further, specific companies would be “designated” that are high risk and vital to national security, which will become the federal government’s focus.

After the proposed legislation is passed, government departments will meet with the companies and provide further details on how any breaches are to be reported, what the timeline for reporting will be, and what information should the reports mandatorily include. The specially designated companies would also have to “keep records of how they implement their cyber security program, every cyber incident they have to report, any step taken to mitigate any supply-chain or third-party risks and any measures taken to implement a government ordered action.”

Once passed, Bill C-26 would amend the Telecommunications Act and the Critical Cyber Systems Protection Act (CCSPA).

Amendments to the Telecommunications Act

The act oversees the telecom and internet providers, and the proposed amendments would add security to their policy objective, bringing telecommunication in line with other critical sectors. This would grant the government legal authority to mandate necessary actions to secure Canada’s telecommunications systems, including prohibiting companies from using products and services from “high-risk providers”. The regulators would include the Candian Radio-television and Telecommunications Commission (CRTC) and the Department of Innovation, Science and Economic Development Canada (ISED)

 This would provide legal backing to the announcement regarding the prohibition and removal of any 5g equipment sourced from Huawei or ZTE. A move that has been delayed for years due to diplomatic feuds is in line with Canada’s closest allies, the United States

Amendments to the Critical Cyber Systems Protections Act (CCSPA)

The act lays down the framework for securing Canada’s critical cyber infrastructure that falls under federal jurisdiction and is vital to national security or public safety. The amendments would help the companies better prepare, prevent and respond to cyber security incidents creating a baseline level of protection in critical sectors.

Further, the CCSPA would allow the government to issue directions to the designated companies. The companies would be obligated to:

  • Establish a cyber security program
  • Mitigate any supply chain/third party service or product risks
  • Report cyber security incidents to the Canadian Centre for Cyber Security
  • Implement any cyber security directions


The regulators with authority to implement these cybersecurity provisions would include the ISED, the Office of Superintendent of Financial Institutions, the Bank of Canada, Transport Canada, the Canadian Energy Regulator, and the Canadian Nuclear Safety Commission.

Initially, only the four key sectors mentioned above will be included, but sectors like agriculture and manufacturing may be included later. Further, the federal government hopes that the legislation will serve as a model for provinces and territories to implement cyber security legislation to govern entities like hospitals, police departments, and the local governments.

The proposed amendments have been hailed as a positive step in cybersecurity and put Canadian laws on similar lines to those south of the border in the US. They require security agencies to notify regulators in the event of breaches, ransomware attacks, and demand for ransomware payments, especially regarding supply chain risks. Companies in these critical sectors must revise their security framework to meet compliance. It is hoped that the changes would bolster Canadian citizens’ national security and privacy.

30 thoughts on “Canada Privacy Reformation: The Bill C-26”

  1. Excellent article! I appreciate the thorough and thoughtful approach you took. For more details and related content, here’s a helpful link: LEARN MORE. Can’t wait to see the discussion unfold!

Comments are closed.

Tsaaro Consulting

INTRODUCTION: In a recent ruling, the Competition Commission of India (CCI) has slapped a heavy fine of 213.14 crore on …

Tsaaro Consulting

In today’s dynamic and fast-paced corporate environment businesses are increasingly adopting staff augmentation as a flexible workforce solution to address …

Tsaaro Consulting

In today’s fast-paced business environment, organisations are constantly seeking innovative methods to adapt and scale efficiently. Staff Augmentation Consulting services, …

Tsaaro Consulting

INTRODUCTION: In today’s interconnected world, businesses operate across borders, serving customers globally. This inevitably leads to the transfer of personal …

Krishna

INTRODUCTION: The Personal Data Protection Law No. 6698, known as Kişisel Verileri Koruma Kanunu (KVKK), is Türkiye’s landmark data protection …

SHARE THIS POST

Would you like to read regular updates from Tsaaro.
Subscribe to our newsletter

Our Latest Blogs

Read what the latest hapennings in the cyber world are and learn what the
experts have to say about them

Call Our Experts:

+91 95577 22103

small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png

We’d love to help your organization achieve your Data Protection goals!

Schedule a complimentary consultation with our Team of Experts.