Michael Geist's LawBytes column in the Toronto Star is devoted to why he believes PIPEDA should be revised:
TheStar.com - Revise privacy law to protect public, not offenders:"...The time has come to lift the veil of secrecy surrounding privacy and security breaches in Canada. For every case that comes to light, there is little doubt that there are many more that remain hidden from public view.
From a privacy compliance perspective, experience illustrates that mandatory reporting requirements provide an effective motivation for organizations to take their privacy and security obligations seriously. With identity theft at an all-time high, they also ensure that the public is kept informed about the security of their personal information and better positioned to monitor their credit reports and credit card activity for suspicious activity.
Former IBM CEO Louis Gerstner once noted that 'people don't do what you expect, they do what you inspect.' For Canada's privacy legislation to meet expectations, we need more inspection and better disclosure practices. A mandatory self-reporting system on privacy and security breaches would be a step in the right direction."
One of the most interesting statistics from Michael's article is that 1/3 of companies changed security procedures after the law was introduced. Very interesting ...
ReplyDelete