The Canadian Government’s Embarrassing Opposition to Security Breach Disclosure Legislation


Last week, the Privacy Commissioner of Canada released her vision of privacy reform, including the need for security breach disclosure legislation, order-making power, and greater transparency of warrantless disclosure. On the same day as Commissioner Stoddart released her position paper, the government was embarrassing itself in the House of Commons by formally opposing security breach disclosure legislation on the weakest of grounds. The opposition to meaningful privacy reform is particularly discouraging given the thousands of breaches that have occurred in recent years from within the government itself and its claims to be concerned with the privacy of Canadians.

Read more here

IT companies don’t fear government fines, report finds


OTTAWA — Some of the people overseeing IT security at Canadian companies don’t fear government fines for data breaches nearly as much as having their CEO splashed across the front pages of newspapers for the wrong reasons.

A new report released Thursday suggests that companies believe the fines have little impact on their finances and represent a lower cost than the brand damage inflicted by negative news coverage.

Read more here


Internet Surveillance Bill is Dead but Canada’s Telecom Transparency Gap is Alive and Well


The government’s recent decision to kill its online surveillance legislation marked a remarkable policy shift. The outcry over the plan to require Internet providers to install surveillance capabilities within their networks and to disclose subscriber information on demand without court oversight sparked an enormous backlash, leading to the tacit acknowledgment that the proposal was at odds with public opinion. 

While many Canadians welcomed the end of Bill C-30, my weekly technology law column (Toronto Star version, homepage version) notes the year-long battle over the bill placed the spotlight on an ongoing problem with the current system of voluntary disclosure of subscriber information: Internet providers and telecom companies disclose customer information to law enforcement tens of thousands of times every year without court oversight.

Read more here

Lawful Access is Dead (For Now): Government Kills Bill C-30


Bill C-30 may be dead, but lawful access surely is not.  On the same day the government put the bill out its misery, it introduced Bill C-55 on warrantless wiretapping. Although the bill is ostensibly a response to last year’s R v. Tse decision from the Supreme Court of Canada, much of the bill is lifted directly from Bill C-30.  Moreover, there will be other ways to revive the more troublesome Internet surveillance provisions. Christopher Parsons points to lawful intercept requirements in the forthcoming spectrum auction, while many others have discussed Bill C-12, which includes provisions that encourage personal information disclosure without court oversight.  Of course, cynics might also point to the 2007 pledge from then-Public Safety Minister Stockwell Day to not introduce mandatory disclosure of personal information without a warrant. That position was dropped soon after Peter Van Loan took over the portfolio. 

Read more here

Get ‘good tech people’ and ‘listen to them’

A series of targeted data breaches at up to 20 Canadian law firms in the spring of 2011 highlights the need for both increased high-tech security and mandatory breach reporting, says Privacy Commissioner Jennifer Stoddart.

Such reporting is part of federal Bill C-12, or Personal Information Protection and Electronic Documents Act(PIPEDA), which received first reading in Parliament in September.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.