Skip to main content

Force firms to disclose data breaches, report urges

posted onJanuary 11, 2012
by l33tdawg

As Ottawa mulls whether to update Canada’s existing privacy laws, one consumer rights group argues the proposal doesn’t go far enough.

Bill C-12, which went through first reading in the House of Commons three months ago, would change the Personal Information Protection and Electronic Documents Act (PIPEDA) to require Canadian companies to report incidents involving the theft or loss of personal information. Currently PIPEDA does not require disclosure of data breaches and Alberta is the only province to have mandated such a requirement.

In a report published this week, the Public Interest Advocacy Centre (PIAC) criticized the bill, claiming it provides “excessive discretion to organizations that have had a data breach, allowing them unilaterally to characterize the breach as non‐harmful to consumers.” “In so doing, organizations gain the benefit of a largely unreviewable decision in the face of a manifest and undeniable conflict of interest.  The result is likely to be a vast under-reporting of serious data breaches, which puts consumer welfare at excessive risk,” the report said.



Law and Order Canada

You May Also Like

Recent News

Monday, December 18th

Sunday, December 17th

Friday, December 15th

Thursday, December 14th

Wednesday, December 13th