I received yet another breach notification letter in the mail this week. I’ve lost count of how many that is already this year. This time, it was the National Research Council (NRC) informing me that my information may have been compromised as part of a security "incident." In the newspaper that same day, there was an article about how the computer systems at NRC were compromised by the Chinese government. Whoa—that is a breach, indeed.
The letter to me lacked some pretty basic details you would expect, like informing me of what information may have been compromised. So, this left me scratching my head because I'm not even sure why the NRC would have my information in the first place.
Apparently the lack of details in their notification letter was for “security reasons.” All I can imagine is that it somehow relates to how the hackers were able to infiltrate a federal government institution. In a way, it was interesting to see how quickly I was notified. I just wonder if maybe they jumped the gun. Perhaps if they’d waited a touch they might have actually had something useful to share with me. I think those affected would have found that perfectly reasonable.
This all makes me wonder about the entire breach notification regime that seems to have developed on a rather ad hoc basis in Canada. I think it’s high time there is something meaningful done to manage these breaches properly, and I don’t think sending lame letters that just lead to more confusion is necessarily the answer. I wonder if our lawmakers and regulators are feeling the burden caused by the increase and if they, too, see a need for improvement.