Cybersecurity Rules for Bankruptcy Trustees

Official title: Amendments to Superintendent's directives relating to cybersecurity guidelines, minimum requirements and measures for the Licensed Insolvency Trustee community

Planned Regulations & Permits Finance & Consumer Technology & Digital
The Office of the Superintendent of Bankruptcy wants to update cybersecurity requirements for Licensed Insolvency Trustees. These are the professionals who handle bankruptcies and consumer proposals. The consultation will look at guidelines, minimum standards, and security measures these trustees must follow to protect sensitive financial data.

Why This Matters

Ever filed for bankruptcy or a consumer proposal? Your financial records are handled by Licensed Insolvency Trustees. This consultation is about how they protect your sensitive data from hackers. If you've gone through insolvency, your personal financial information is in their systems.

What Could Change

New directives could set minimum cybersecurity standards for bankruptcy trustees. This might include requirements for data encryption, secure storage, and breach notification procedures. Trustees who don't comply could face regulatory consequences.

Key Issues

  • What cybersecurity guidelines should Licensed Insolvency Trustees follow?
  • What minimum cybersecurity requirements should be mandatory?
  • What security measures should trustees implement to protect debtor data?

How to Participate

  1. This consultation is planned to open on December 12, 2025. Check the OSB public consultations page for updates when it launches.
  2. When open, submit feedback to the OSB Policy and Regulatory Affairs team at osbregulatoryaffairs-affairesreglementairesbsf@ised-isde.gc.ca.