#CyberFLASH: ‘Unprecedented’ number of online privacy breaches reported in Alberta

Alberta’s privacy commissioner is seeing an “unprecedented” number of breach reports under the province’s Personal Information Protection Act, including e-commerce hacks, ransomware and phishing scams.

A 15-member committee is in the midst of reviewing the act, which was last updated in 2010, and Wednesday heard suggestions from 10 presenters.

That included provincial privacy commissioner Jill Clayton, who told Postmedia afterwards that while she doesn’t think the act is a broken piece of legislation, she would like to see it tightened in a few areas, including extending it to cover non-profits and requiring organizations to have privacy management programs in place.

Clayton would also like to see the act address transparency reports when private organizations are compelled to disclose information to law enforcement or government agencies, including the number and nature of requests and disclosures, and their legal authority.

She said government agencies and law enforcement are increasingly relying on personal information collected by the private sector but, as the law stands, there’s no way for people to know the number, scale, frequency of or reasons for disclosures without consent.

“I think the public might be surprised at how often private sector businesses are giving up information to police, to law enforcement,” she said.

“The idea of transparency reports is to shine a light on that kind of disclosure.”


#CyberFLASH: Canadian Government Amends and Strengthens PIPEDA, Adding Breach Notification Requirement and Filling Other Gaps

Just prior to recessing for the summer, the Canadian government enacted the Digital Privacy Act. It includes a number of targeted amendments to strengthen existing provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA), but falls short of providing the Privacy Commissioner of Canada (Commissioner) with direct enforcement powers, as some stakeholders—including the former Commissioner—had proposed.

The Digital Privacy Act was introduced in April 2014 as part of the government’s “Digital Canada 150” strategy. While it was touted as providing new protections for Canadians when they surf the web and shop online, there is nothing that is particularly “digital” about the bill, which will equally affect the bricks and mortar, paper-based world.

Of particular note, the Digital Privacy Act creates a duty to report data breaches to both the Privacy Commissioner and to affected individuals “where it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual.” Failure to report data breaches in the prescribed manner could result in fines of up to $100,000 for non-compliant organizations. While the majority of the new law is currently in force, the provisions relating to breach notification have yet to be proclaimed in force by the government.

Once in force, the mandatory breach-reporting regime will bring the federal law into alignment with many international laws, as well as with Alberta’s own Personal Information Protection Act, which has had a breach notification provision since 2009. However, unlike the Alberta law, the Digital Privacy Act would also require organizations to maintain records of all data breaches involving personal information under their control—even if they do not require reporting to the Commissioner or to affected individuals—and to provide these records to the Commissioner on request. Failure to comply with these requirements could also result in a fine of up to $100,000.


© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.