FORCE FIRMS TO DISCLOSE DATA PRIVACY BREACHES, REPORT URGES

Posted on January 19, 2012

As Ottawa mulls whether to update Canada's existing privacy laws, one consumer rights group argues the proposal doesn't go far enough.

Bill C-12, which went through first reading in the House of Commons three months ago, would change the Personal Information Protection and Electronic Documents Act (PIPEDA) to require Canadian companies to report incidents involving the theft or loss of personal information. Currently PIPEDA does not require disclosure of data breaches and Alberta is the only province to have mandated such a requirement.

In a report published this week, the Public Interest Advocacy Centre (PIAC) criticized the bill, claiming it provides "excessive discretion to organizations that have had a data breach, allowing them unilaterally to characterize the breach as non-harmful to consumers."

"In so doing, organizations gain the benefit of a largely unreviewable decision in the face of a manifest and undeniable conflict of interest. The result is likely to be a vast under-reporting of serious data breaches, which puts consumer welfare at excessive risk," the report said.

The Ottawa-based advocacy group would prefer legislation making timely disclosures of all data breaches to "the relevant privacy commissioner" mandatory, with "clear monetary penalties" for those who keep breaches to themselves. The privacy commissioner would then be able to independently determine whether the public needs to be informed.

"Consumers clearly think that they should always be notified when a company has lost their personal information unless the Privacy Commissioner says there's no real risk of harm to them," John Lawford, the group's legal counsel and co-author of the report, said in a release. "Bill C-12 is too weak to assure them that will happen."

The report echoes comments made by Jennifer Stoddart, Privacy Commissioner of Canada, in a speech made at the Canada 3.0 forum in Stratford, Ontario, last May. Ms. Stoddart called for her authority to be expanded to include the ability to levy financial penalties against companies who fail to protect sensitive customer data from being stolen by computer hackers.

"It seems to me that it's time to begin imposing fines - significant, attention-getting fines - on companies when poor privacy and security practices lead to breaches," Ms. Stoddart said eight months ago, noting her counterparts in France and the United Kingdom already have the ability to impose substantial fines.

Growing incidents of high-profile cyber attacks targeting personal data in recent months have served as an impetus for legal reform. In 2010, Canadians collectively lost US$5.5-billion as a result of such attacks. Common targets have since included websites rich with sensitive information, such as Vancouver-based PlentyOfFish, eHarmony and TripAdvisor, all of which had their security penetrated in the past year.

But Sony Corp. suffered by far the most damaging data breach in recent history when more than 100 million PlayStation Network accounts were hacked last April. Analysts have estimated the breach to cost Sony upwards of US$1.5-billion in lost revenues, though the final price tag could be far higher.

Last May, a Toronto law firm filed a proposed class action lawsuit against Sony Corp. for allowing hackers to gain such widespread access to its network, naming a 21-year-old PlayStation user from Mississauga, Ontario, as lead plaintiff. The suit is seeking up to US$1-billion in damages.

As the likelihood of even more costly data breaches occurring in the future grows, so too do demands for the public to be kept informed.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.