Canadian public interest group criticizes data breach bill

A public interest group is criticizing Canada's attempt at a data breach bill, one which lacks a mandatory notification provision.

In a recently released report, titled Data Breaches: Worth Noticing?, PIAC recommends that the data breach notification bill include a requirement that all data breaches be reported promptly to the Privacy Commissioner of Canada, who should be given the authority to order companies to notify consumers when there is a risk of significant harm from a breach.

The report also recommends that Bill C-12, an Act to amend the Personal Information Protection and Electronic Documents Act, should give the Privacy Commissioner order-making power to enforce the requirements and fining power for non-compliance.

In addition, PIAC recommends increased audit powers for the Privacy Commissioner, as well as establishment of a special data breach division within the commissioner’s office.

“Consumers clearly think that they should always be notified when a company has lost their personal information unless the Privacy Commissioner says there’s no real risk of harm to them”, said John Lawford, PIAC legal counsel and co-author of the report. “Bill C-12 is too weak to assure them that will happen”, he noted.
