Thursday, June 23, 2005

Ontario IPC: Make privacy breaches reportable

Ontario's Information and Privacy Commissioner is recommending that the province pass a law requiring notification of privacy breaches, like California's law:

CBC Toronto - Make privacy breaches reportable: Cavoukian:

"CBC NEWS – Ontario's privacy commissioner says the province should pass a law requiring businesses to notify customers if there has been a security breach involving their personal information.

Ann Cavoukian says that information is often released by mistake, accessed by electronic interlopers who hack into computer systems, or accessed by rogue employees who sell it.

With the threat of identity theft on the rise, Cavoukian says consumers should have a legal right to be notified when their personal information has been compromised.

"How would you know if your information is at risk? The fastest way … is to have the organization notify you," she said.

Canadian Federation of Independent Business spokesperson Judith Andrew acknowledges that businesses have an obligation to inform customers of security breaches.

However, Andrew said make it a legal requirement is a heavy-handed response that would hurt businesses.

"A proposal for many new protocols and all that kind of thing may end up being a useful thing to do," she said, "but it's more likely to just impose a burden that's huge and difficult to comply with for the vast majority of business out there."

Cavoukian says such a law already exists in California, and is under consideration in 30 American states."

No comments: