Newsletter

HOME Contact Technical Website OUR SERVICES Applications Networking Security OUR CLIENTS Client List Testimonials Case Studies FRAGMENT Current Release CONTACT ABOUT US Our Founder Our Vision Media and News Services Agrement Privacy & Terms

Data Breach Notification Coming    

CIPPIC, others calling for Data Breach Notification Law

The Canadian Internet Policy and Public Interest Clinic (CIPPIC), based in the University of Ottawa, has called for a national, publicly available, electronic registry of data breaches. This recommendation goes above and beyond their previous call for mandatory data breach notification (since supported by Industry Canada). The Industry Canada proposal currently calls for the notification of the Privacy Commissioner and of individuals affected. This is to be implemented by an amendment to the existing PIPEDA (Personal Information Protection and Electronic Documents Act) legislation.

According to CIPPIC, there are there are at least two distinct purposes of a data breach notification requirement:

1. to “encourage organizations to implement more effective measures for the protection of personal information” (“security incentives”); and
2. “enabling consumers to better protect themselves from identity theft when a breach does occur” (“individual mitigation”).
   However, they believe there are additional benefits to be seen with a public registry:
3. to provide the basis for more effective and targeted compliance actions (“compliance measures”) through the ability to monitor the frequency, nature and trends of data breaches and to identify persistent or systemic problems at an early stage;
4. to inform future policy-making through the creation of a database of information about security breaches that is available to policy analysts (“policy analysis”); and
5. to improve the functioning of a competitive marketplace through greater consumer awareness of risks both general and company-specific (“marketplace information”).

The CIPPIC report states that a national, publicly available, electronic registry of data breaches, in addition to OPC (Ontario Privacy Commissioner) and individual notification, would, if constructed appropriately, achieve the goals of security incentives, marketplace information, and policy analysis much more effectively than would OPC and individual notifications on their own.


Fragment - Current Release

---

Articles

Management IT Roles and Responsibilities Spending Enough Living With the Enemy On Passwords A Reason for Policy High Availability: People and Processes Case for Project Management Risk Management

Networking VLAN Tutorial IPs 4 Golden Rules WAN Technology primer DHCP Primer DNS: Terms and Process VPN Surfing Challenge Network Slowdown Importance of Time High Availability: Technologies

Security Beyond the Lock Spammers Go Full Circle The Guardian at the Gate A Web of Trust Data Breach Notification

Misc Electricity Primer Data Control Closing the Loop Open Source in the Enterprise Helping IT to help you