Certified Information Privacy Professional – Canada (CIPP/C) — Question 11
A federally regulated company based in Ontario has customers in Ontario, Quebec, New Brunswick, Alberta and British Columbia. Unfortunately, a third-party vendor that provides marketing support to the company experiences a privacy breach which impacts the personal information of all its customers across the provinces where it operates.
The Privacy Officer determines that the breach causes a real risk of significant harm to their customers and is tasked with reporting the breach to the relevant regulators.
With which provincial privacy regulators does the company have to file a report?
Answer options
- A. It is unnecessary to file a report with any provinces because the company is federally regulated
- B. All of the provinces where its customers are located
- C. New Brunswick and British Columbia only
- D. Québec and Alberta only
Correct answer: A
Explanation
The correct answer is A because federally regulated companies are subject to federal laws, which may exempt them from reporting to individual provincial regulators. The other options are incorrect as they incorrectly suggest that provincial regulations apply when the company is governed by federal standards.