#CyberFLASH: Canada Mulls Mandatory Data Breach Notifications

Canada is considering incorporating fines for organizations that do not proactively notify individuals or the appropriate regulatory bodies of data breaches.

Bill S-4, the digital privacy act, is now before the House of Commons. It would amend the Personal Information and Electronic Documents Act to include mandatory breach notification provisions to alert both affected individuals and the privacy commissioner if there’s an incident, and would require compromised organizations to keep a record of every breach.

“On breach notification, I think Bill S-4 has it right,” said Chantal Bernier, former interim privacy commissioner of Canada who is now counsel at Dentons LLP, speaking to Canadian Lawyer Magazine. “You need to make breach notification mandatory so the affected individuals can protect themselves.”

Failure to comply could result in fines of up to $100,000, but the language of the bill leaves significant loopholes open. For one, notification will only be required in cases that inflict “significant harm,” including “physical and moral” harm. The bill also does not specify a notification window, only that notification should be carried out “as soon as possible.”


© 2013 CyberTRAX Canada - All Rights Reserved.