The short answer is no. The only legislation in Canada of which I'm aware that has that requirement is Ontario's Personal Health Information Protection Act.
In British Columbia—and our legislation is up for its own statutory review, starting in the next few months—I would, if asked, at this time certainly not support any explicit notification requirement along the lines of what we've been seeing in the United States, for example. I think that as the legislation matures we should wait for evidence that mandatory notification actually is a cost-effective way to reduce risks, for example, of identity theft flowing from a so-called data breach.
For now I would prefer strongly to continue with our office's approach to assessing this, looking at risk under the PIPEDA obligation of organizations to take reasonable security measures to protect personal information against unauthorized use; and to work with organizations and issue guidance, which we are about to do—and we have been joined in this in the last little while by our Ontario colleagues—around risk assessment as to whether or not notification would be prudent.