Post Tagged with: "digital privacy"

Anthem Breach Notification by Tony Webster https://flic.kr/p/setXj5 (CC BY 2.0)

Coming Soon (or at least by November): Government Sets a Date for Data Breach Disclosure Rules To Take Effect

Several years after passing into law, the Canadian government has finally set an effective date for long-overdue data breach disclosure rules. The requirements were included in the Digital Privacy Act that was passed in 2015, but the accompanying regulations literally took years to finalize. Earlier this year, I argued that the failure to expedite security breach disclosure rules was an embarrassing failure for successive Conservative and Liberal governments, placing the personal information of millions of Canadians at risk and effectively giving a free pass to companies that do not adequately safeguard their customers’ information.

Read more ›

April 4, 2018 2 comments News
Privacy by g4ll4is (CC BY-SA 2.0)

Proposed Data Breach Disclosure Rules Leave Too Many Canadians in the Dark

News last week of a stunning data breach at a Toronto-area hospital involving information on thousands of mothers places the proposed Digital Privacy Act squarely in the spotlight. Bill S-4, which was introduced two months ago by Industry Minister James Moore, features long overdue data breach disclosure rules.

My weekly technology law column (Toronto Star version, homepage version) notes the new rules would require organizations to notify individuals when their personal information is lost or stolen through a data or security breach. Most other leading economies established similar rules years ago, recognizing that they create much-needed incentives for organizations to better protect our information and allow individuals to take action to avoid harms such as identity theft when their information has been placed at risk.

While the mandatory data breach rules can be an effective legislative privacy tool, they only work if organizations actually disclose breaches in a timely manner. Bill S-4 establishes tough penalties for failure to notify affected individuals, but unfortunately undermines its effectiveness by setting a high notification standard such that Canadians will still be kept in the dark about many breaches, security vulnerabilities, or systemic security problems.

Read more ›

June 9, 2014 Comments are Disabled Columns