Last review date: 18 December 2024

No.

Last review date: 18 December 2024

It depends (for example, on the way the asset sale is structured, and/or the assets being.

Generally, the organization that is in control of personal information that is subject to a cybersecurity breach or data privacy violations would retain liability and be subject to the applicable fine. Therefore, purchasers must integrate a careful review of the target's data protection systems and processes and investigate whether any breaches are ongoing.

Last review date: 18 December 2024

Unclear.

Last review date: 18 December 2024

Yes.

The OPC has emphasized that in the context of a share sale, the acquiring entity inherits liability for pre-acquisition data privacy or cybersecurity breaches. For example, the OPC addressed the inherited liability of pre-acquisition data privacy breaches in PIPEDA Findings #2022-005. There, a global hotel chain ("Purchaser") was held accountable and investigated for failure to mitigate a pre-acquisition cybersecurity breach incurred by the target it had acquired.

Last review date: 18 December 2024

Unclear.