A public interest advocacy group says proposed changes to the Personal Information Protection and Electronic Documents Act (PIPEDA) don't go far enough in requiring organizations to report breaches, reports the Financial Post. The Public Interest Advocacy Centre says PIPEDA--even with the proposed changes--gives organizations the ability to unilaterally deem a breach not harmful to consumers, adding, "The result is likely to be a vast underreporting of serious data breaches." The group is calling for all breaches to be reported to the "relevant privacy commissioner," who would then decide whether the public should be notified. Echoing Privacy Commissioner Jennifer Stoddart's calls, the group would also like to see fines assessed to organizations that don't report breaches.
If you want to comment on this post, you need to login.