Canadian Security Magazine

News Data Security
Companies must notify people affected by privacy breaches: watchdog

OTTAWA — A federal watchdog says companies that lose personal customer data should be required to directly notify affected people about the lapse and detail the steps taken to reduce the harm.


July 11, 2016
By The Canadian Press

Topics

The Trudeau government plans to introduce breach-notification regulations in coming months to improve transparency and help consumers.

Legislation passed last year laid the groundwork for mandatory reporting of private-sector breaches that pose a “real risk of significant harm” to individuals.

The government recently asked the public and interested parties for comment on shaping the regulations.

The federal privacy commissioner’s office says companies should have to directly notify those affected by a breach — with limited exceptions — through means such as telephone calls, emails or mailed letters.

Advertisment

It also urges the government to give thought to cases in which affected people live outside Canada.