Post Tagged with: "data breach"

Equifax Key by GotCredit (CC BY 2.0) https://flic.kr/p/TqZ2V2

Into the Breach: How Canada’s Security Breach Disclosure Regulations Fall Short

With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.

Read more ›

October 4, 2017 3 comments News
Privacy by g4ll4is (CC BY-SA 2.0)

Proposed Data Breach Disclosure Rules Leave Too Many Canadians in the Dark

News last week of a stunning data breach at a Toronto-area hospital involving information on thousands of mothers places the proposed Digital Privacy Act squarely in the spotlight. Bill S-4, which was introduced two months ago by Industry Minister James Moore, features long overdue data breach disclosure rules.

My weekly technology law column (Toronto Star version, homepage version) notes the new rules would require organizations to notify individuals when their personal information is lost or stolen through a data or security breach. Most other leading economies established similar rules years ago, recognizing that they create much-needed incentives for organizations to better protect our information and allow individuals to take action to avoid harms such as identity theft when their information has been placed at risk.

While the mandatory data breach rules can be an effective legislative privacy tool, they only work if organizations actually disclose breaches in a timely manner. Bill S-4 establishes tough penalties for failure to notify affected individuals, but unfortunately undermines its effectiveness by setting a high notification standard such that Canadians will still be kept in the dark about many breaches, security vulnerabilities, or systemic security problems.

Read more ›

June 9, 2014 Comments are Disabled Columns

Proposed Data Breach Disclosure Rules Leave Too Many Canadians in the Dark

Appeared in the Toronto Star on June 7, 2014 as Digital Privacy Act Should Be a Lot Stronger on Data Breach Reporting News last week of a stunning data breach at a Toronto-area hospital involving information on thousands of mothers places the proposed Digital Privacy Act squarely in the spotlight. […]

Read more ›

June 8, 2014 Comments are Disabled Columns Archive

B.C. Privacy Commissioner Calls for Mandatory Data Breach Reporting

B.C. Privacy Commissioner Elizabeth Denham has called on the province to amend its privacy law by adding mandatory data breach reporting requirements. Her office investigated 500 privacy breach cases last year alone.

Read more ›

April 16, 2012 Comments are Disabled Must Reads

PIAC Report Says Bill C-12 Data Breach Rules Should Be Toughened

PIAC has released a new report that examines the mandatory data breach reporting requirements in Bill C-12 and concludes that changes are needed to provide adequate privacy protection.

Read more ›

January 10, 2012 Comments are Disabled Must Reads