As of November 1, 2018, organizations subject to Canadian privacy law must comply with important new rules in relation to breaches. These rules will present new costs, risks and challenges for organizations and additional liability, reputational and regulatory exposures. In this guest article, the chair of Fasken’s privacy and cybersecurity group, Alex Cameron, provides an analysis of the new rules; practical compliance considerations, including a review of key guidance issued on October 29 by the Office of the Privacy Commissioner of Canada; and insight on how the new rules affect organizations based outside of Canada and interact with other laws. See also “Analyzing New and Amended State Breach Notification Laws” (Jun. 6, 2018).