Companies must notify people affected by privacy breaches: watchdog
By The Canadian PressNews Data Security breach
OTTAWA — A federal watchdog says companies that lose personal customer data should be required to directly notify affected people about the lapse and detail the steps taken to reduce the harm.
The Trudeau government plans to introduce breach-notification regulations in coming months to improve transparency and help consumers.
Legislation passed last year laid the groundwork for mandatory reporting of private-sector breaches that pose a “real risk of significant harm” to individuals.
The government recently asked the public and interested parties for comment on shaping the regulations.
The federal privacy commissioner’s office says companies should have to directly notify those affected by a breach — with limited exceptions — through means such as telephone calls, emails or mailed letters.
It also urges the government to give thought to cases in which affected people live outside Canada.
Print this page
- Webinar recap: Risk & Incidents: Same playground, different castles
- Universal launches autonomous robot service