Alberta’s new Privacy Commissioner, Jill Clayton, has released a report on the first two years of mandatory privacy breach reporting in Alberta (the “Breach Report”).
Under Alberta’s private sector privacy law, the Personal Information Protection Act (“PIPA”), a privacy breach that presents “a real risk of significant harm” must be reported to the Privacy Commissioner, who can then require an organization to notify affected individuals. Relevant “harms” include risk of identity theft, damage to reputation, and risk to personal safety.
As of the end of April 2012, 151 breach reports had been received by the Privacy Commissioner. Of these reports, 63 cases (42%) involved a real risk of significant harm. In the remainder of the matters, this threshold was not reached, PIPA was determined not to apply, or the matter was still under review.
The Breach Report shows that a majority of the 63 reported cases meeting the real risk of significant harm threshold involved human error or lost or stolen unencrypted electronic devices:
Read more here