Canwest reports that the federal government plans to introduce new security breach disclosure legislation that will provide considerable discretion for when businesses disclose instances of security breaches. There are apparently no penalties for failure to disclose. Given the potential impact of identity theft and the incentives to keep breaches secret, the law sounds so weak as to be close to useless.
Security Breach Disclosure Bill May Fall Short
One Comment
Recent Posts
Everything All At Once: Bill C-34 Combines Platform Duties, a Kids’ Social Media Ban, AI Chatbot Regulation, and a Powerful Digital Safety Commission Into a Risky “Trust Us” Bet 
Yet Another Trade Battle Brewing: Why a Kids’ Social Media Ban Could Put Canada on a Collision Course With the U.S. 
Everything You Wanted to Know About a Kids’ Social Media Ban (But Were Rightly Afraid to Ask): A FAQ on Age Verification and Mandated ID for Everyone 
Bill C-22’s Clause-by-Clause Problem: The Government Includes Agencies Seeking Lawful Access Powers But Blocks the Privacy Commissioner’s Return 
You Can’t Put the Toothpaste Back in the Tube: Why the Government’s Reported “Temporary” Plan for a Kids’ Social Media Ban Would Mean Mandated ID for Everyone
Only disclosure?
It seems to me that disclosure is not even the important issue. How come there is no liability? Could it be because personal information is being handled in a way that benefits the company or government and not the individuals concerned? A bank would be responsible if they left your money in a suitcase somewhere and someone walked off with it. “I left it on the bus” doesn’t cut it with money, why does it with information. Shouldn’t personal information be protected by the same rules? Whether loss or disclosure of personal information is deliberate or accidental doesn’t make any difference to the people effected.