Calls for Data Security Breach Notification Law in Canada
The Canadian Internet Policy and Public Interest Clinic (CIPPIC) at the University of Ottawa released a white paper yesterday that calls on the federal government to enact a data security breach notification law.
Such a law would require organizations, government agencies and businesses to notify individuals when their personal information is exposed to potential theft and misuse due to a computer security breach.
From the introduction of the White Paper:
“Recognizing that individuals need to know when their personal information has been put at risk in order to mitigate potential identity fraud damages, most states in the U.S. now have laws requiring that organizations notify affected individuals when a security breach exposes their personal information to unauthorized access. In contrast, neither the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) nor corresponding provincial statutes include an explicit security breach notification requirement”.
“This White Paper considers the need for an explicit obligation in Canadian privacy law to notify affected individuals of a breach in an organization’s security that places those individuals’ personal information at risk. The Paper begins its analysis with a review of the existing Canadian legislative framework relating to security breach notification. It then analyzes security breach legislation in the United States, where over half the states have enacted a mandatory security breach disclosure requirement and where several federal bills are currently pending. The Paper then considers justifications for, and objections to, such legislation, before concluding with a series of recommendations for enacting an effective statutory obligation of security breach notification in Canada”.



