Canwest reports that the federal government plans to introduce new security breach disclosure legislation that will provide considerable discretion for when businesses disclose instances of security breaches. There are apparently no penalties for failure to disclose. Given the potential impact of identity theft and the incentives to keep breaches secret, the law sounds so weak as to be close to useless.
Security Breach Disclosure Bill May Fall Short
April 25, 2008
Share this post
One Comment
Law Bytes
Episode 199: Boris Bytensky on the Criminal Code Reforms in the Online Harms Act
byMichael Geist
April 15, 2024
Michael Geist
April 8, 2024
Michael Geist
March 25, 2024
Michael Geist
March 18, 2024
Michael Geist
March 11, 2024
Michael Geist
Search Results placeholder
Recent Posts
- Debating the Online Harms Act: Insights from Two Recent Panels on Bill C-63
- The Law Bytes Podcast, Episode 199: Boris Bytensky on the Criminal Code Reforms in the Online Harms Act
- AI Spending is Not an AI Strategy: Why the Government’s Artificial Intelligence Plan Avoids the Hard Governance Questions
- The Law Bytes Podcast, Episode 198: Richard Moon on the Return of the Section 13 Hate Speech Provision in the Online Harms Act
- Tweets Are Not Enough: Why Combatting Relentless Antisemitism in Canada Requires Real Leadership and Action
Only disclosure?
It seems to me that disclosure is not even the important issue. How come there is no liability? Could it be because personal information is being handled in a way that benefits the company or government and not the individuals concerned? A bank would be responsible if they left your money in a suitcase somewhere and someone walked off with it. “I left it on the bus” doesn’t cut it with money, why does it with information. Shouldn’t personal information be protected by the same rules? Whether loss or disclosure of personal information is deliberate or accidental doesn’t make any difference to the people effected.