Post Tagged with: "security breach disclosure"

C-29: The Anti-Privacy Privacy Bill

Industry Minister Tony Clement introduced two bills yesterday – the Fighting Internet and Wireless Spam Act (C-28) and the Safeguarding Canadians' Personal Information Act (C-29). I have spoken positively about C-28 (here, here, and here), which is long overdue and should receive swift passage. By contrast, C-29 is a huge disappointment. The bill is also long overdue as it features the amendments to Canadian private sector privacy law from a review that began in 2006 and concluded with a report in 2007.

Just over three years later, the government has introduced a bill that does little for Canadians' privacy, while providing new exceptions for businesses and new powers for law enforcement (David Fraser has helpfully created a redline version of PIPEDA with the proposed changes). The centrepiece of the bill is a new security breach disclosure provision, but the requirements are very weak when compared with similar laws found elsewhere. In fact, with no penalties for failure to notify security breaches, the provisions may do more harm than good since Canadians will expect to receive notifications in the event of a breach, but companies may err on the side of not notifying (given the very high threshold discussed below) safe in the knowledge that there are no financial penalties for failing to do so.

May 26, 2010 — 30 comments — News

Bell Hit With Theft of Data on 3.4 Million Customers

Bell Canada has disclosed that it recovered data on 3.4 million customers after the information was stolen four weeks ago. Montreal police have arrested one person.

February 12, 2008 — 6 comments — News

PIPEDA Hearings – Day 03 (Privacy Commissioner of Canada)

The Privacy Commissioner of Canada appeared before the committee on Monday in what is likely to be the first of two appearances (she indicated she would return at the end of the hearings). While the Commissioner asked for security breach disclosure legislation and identified cross-border data transfers as a concern, the big story of the day is that she effectively killed the prospect of order-making power. A shift toward order-making power was raised in both prior hearings and is likely to surface again when several privacy advocates appear before the committee. My guess is that the issue is now dead – the Commissioner opened by stating that she was not seeking any additional enforcement powers.

The move took committee members by surprise – several asked for clarification or reasons behind the decision. The Commissioner indicated that order making power raised other concerns and that it was premature to change the PIPEDA framework. With order making power likely finished (the committee is not going to add order making power if the Commissioner and the Industry Minister don't want it), the key remaining issues to look out for are security breach disclosure, cross-border transfers, the costs of PIPEDA to small business (a big concern for the Conservative members of the committee), and questions around the definition of "work product."

A full review of the day's events, thanks to Kathi Simmons, follows.

November 28, 2006 — Comments are Disabled — News

PIPEDA Review Underway Today

My weekly Law Bytes column (Toronto Star version, homepage version) examines the PIPEDA review which begins today. Representatives from Industry Canada will lead off, followed over the next week by privacy experts and the Privacy Commissioner of Canada. With the hearings expected to extend into mid-December, I argue that it […]

November 20, 2006 — Comments are Disabled — Columns