Equifax is one of the leading credit reporting agency and is often the first place one contacts when their personal information may be the subject of a data breach.  Now, Equifax itself is reporting a massive breach of its system that may have compromised millions of customers' data in the US, the UK and Canada between May and July earlier this year. 

If as an organization or public body, you have experienced a data breach, it is important that you determine the nature of breach and secure your system immediately.  Once this has been done, an assessment should be done to determine what information was accessed or compromised during the breach  and determine if you are required to (or advised to) report the breach to any agencies, such as the provincial Information and Privacy Commissioner or federal Privacy Commissioner, and to any affected individuals. 

For example, in Alberta under the Personal Information Protection Act (PIPA), there is a mandatory breach notification requirement for private sector companies and organizations to report where the incident involves the loss of or unauthorized access to or disclsoure of personal information that there exists a real risk of significant harm to an individual as a result of the breach. Such reporting is to the Commissioner and to the affected individuals whose personal information was compromised.

The Government of Canada has recently proposed the Breach of Security Safeguards Regulation under the Personal Information Protection and Electronic Documents Act (PIPEDA). This long awaited regulation when enforce will place similar mandatory breach notification requirements on corporations and organizations that are governed by PIPEDA.  This will include businesses and organizations in provinces without private sector privacy legislation such as Saskatchewan, private sector businesses and organizations that carry on business across provincial borders, and to corporations operating in a federal undertaking such as banks. 

If you are concerned about whether your personal information has been compromised in the Equifax data breach, we recommend that you contact Equifax directly or visit their website.  

Please also visit the website of your provincial Information and Privacy Commissioner's website for more information on your privacy rights and tips on how to protect your personal information and privacy rights.