The Globe and Mail reports that Passport Canada has suffered a massive privacy breach that resulted in online availability of applicant information. I argue that this again highlights the need for mandatory security breach notification legislation. Update: The incident is raised during Question Period on the floor of the House […]
Post Tagged with: "security breach"
The Toronto Star reports that a doctor at the Hospital for Sick Children lost an external hard drive containing data on 3,300 patients just weeks after the Ontario Privacy Commissioner warned against removing electronic health records from the hospital.
My weekly Law Bytes column (Toronto Star version, homepage version) examines the Standing Committee on Access to Information, Privacy and Ethics' much-anticipated report on the reform of Canada’s private sector privacy law released earlier this month. Despite hearing from 67 witnesses, the Committee followed the lead of Industry Minister Maxime Bernier and Privacy Commissioner Jennifer Stoddart – neither of whom argued forcefully for reform – by issuing a tepid report that rejects the changes that many privacy advocates believe are necessary to improve the effectiveness of the current legal framework.
Instead, the final report, which includes separate dissenting opinions from the Conservative and Bloc Quebecois MPs, features 25 recommendations that at best represent little more than tinkering with the law and at worst undermine privacy protections in several key areas, most notably the use of privacy law to counter the mounting spam problem. Most of the major issues presented to the Committee, including beefing up the Privacy Commissioner's powers, adopting a "name and shame" approach for privacy violators, and safeguarding Canadian data that is outsourced to other jurisdictions, were met with indifference, as the Committee recommended no further reforms. In fact, even a mandatory security breach notification requirement – widely expected as a response to the massive data security breaches involving retail giants Winners and Homesense – was tempered with a recommendation to require notification to the Privacy Commissioner, not necessarily to the individuals affected by the breach.
In fairness to the Committee, many of their recommendations appear to have been shaped by the inexplicably weak responses from Industry Minister Bernier (who is responsible for the legislation) and Privacy Commissioner Stoddart.
Appeared in the Toronto Star on May 21, 2007 as Privacy Report a Major Disappointment The Standing Committee on Access to Information, Privacy and Ethics issued its much-anticipated report on the reform of Canada’s private sector privacy law earlier this month. Despite hearing from 67 witnesses, the Committee followed the […]