Privacy experts are recommending that proposed legislation to compel Canadian businesses to disclose when they lose customer data include federal fines, itbusiness.ca reports. Bill C-29 seeks reforms to the Personal Information Protection and Electronic Documents Act, including a notification requirement that "any material breach of security safeguards involving personal information" be reported to the Office of the Privacy Commissioner (OPC), and, if there is a potential risk of "significant harm to any individuals," to those individuals as well. Privacy experts suggest another step. As Michael Geist put it, "It's quite clear we need to have real penalties so part of that risk assessment is the real costs associated with it."
If you want to comment on this post, you need to login.