#CyberFLASH: New data breach notification standards should be flexible, adaptive, ITAC says


As Innovation Science and Economic Development Canada (ISED) prepares to release a second version of the country’s new data breach notification standards this fall, the Information Technology Association of Canada (ITAC) hopes the latest proposed regulations will take a flexible, outcome-based approach, while also providing a grace period to give businesses time to adjust.

“We want there to be an appropriate balance between the need to protect Canadians by notifying them of data breaches, and the costs and challenges sometimes faced by businesses in in doing so,” ITAC senior director David Messer tells ITBusiness.ca.

Since 2015, data breaches have been governed by the Personal Information Protection and Electronic Documents Act (PIPEDA), a law passed in 1998 to regulate how non-government organizations (excluding charities and not-for-profits) were allowed to collect, use, disclose, and dispose of personal data.

Under PIPEDA’s current regulations, organizations are responsible for all personal information within their control. They must also acquire consent from anyone whose data they collect; protect the information collected from loss or theft; and report data breaches that compromise its security to both the government, through the Office of the Privacy Commissioner; and to affected individuals, so they can take the steps necessary to mitigate damage; to ensure compliance with the act.

Consumers, meanwhile, have a right to examine their personal information, challenge its accuracy, and may withdraw their consent to provide said information at any time.

Read more here

About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.