OTTAWA -- Companies would be required to notify people in the event of a serious data breach involving personal information under proposed new federal regulations.
But the regulations do provide some flexibility, depending on the circumstances.
Several businesses -- including telecom provider Bell Canada and affair-seekers website Ashley Madison -- have been stung by breaches in recent years.
The loss of data can be embarrassing for an organization and can cause headaches for customers whose personal or financial details are suddenly swirling in cyberspace.
Legislation passed two years ago laid the groundwork for mandatory reporting of private-sector breaches that pose a "real risk of significant harm" to individuals.
The Ottawa-based Public Interest Advocacy Centre says the proposed regulations don't go far enough because they give companies discretion as to whether a breach is serious enough to report to those affected and the federal privacy commissioner.
BNN is a division of BCE's Bell Media division