In late 2020, the Canadian government proposed the Digital Charter Implementation Act, intending to modernize the framework for the protection of personal information in the private sector. Stemming from this Act, the Privacy Commissioner of Canada is set to receive more power to investigate privacy infractions and issue orders and fines. Simultaneously, Ontario is developing its own privacy legislation aimed at the private sector to govern how private organizations treat their users’ data, expand the power of the Information and Privacy Commissioner of Ontario, and introduce fines for violations of the Act. In short, private organizations across Canada will soon be subject to stringent regulations – non-compliance may become very expensive. New privacy regulations in Canada and Ontario are on the horizon and any private organization not ready for their implementation may suffer unexpected consequences. Organizations must be ready to respond – but how? Is a good security team enough? How do you assess the legal risks and exposure stemming from a breach? Do you have to report all breaches to the privacy commissioner? Which privacy commissioner, federal or provincial? Do you have to notify your users/customers of a breach? Who is a breach coach and why do we need them? Are there legal consequences for poor security? This seminar will explore the recent developments in Canada and the anatomy of a breach response to answer some of your burning questions. This presentation will give attendees an in-depth update on the status of several key legislation being developed in Canada and Ontario and provide an overview of a proper breach response to be compliant with privacy legislation and minimize litigation exposure stemming from a breach.