Congratulations to Ontario Privacy Commissioner Ann Cavoukian for being the first Canadian privacy commissioner to speak out for what should be self-evident: Canada needs a law that requires organizations to report privacy or security breaches to their customers.
California has provided the model for this kind of legislation with many U.S. states following suit.
I wrote about this earlier this year and plan to revisit the issue shortly. Simply put, there is no more effective tool to encourage compliance than this form of law. The recent spate of security breaches does not mean that the breaches are new. Rather, the reports are new and the response from legislators, companies, and the public provides ample evidence that this legislation belongs in every jurisdiction’s privacy toolkit.