Data Breach Notification Coming    

CIPPIC, others calling for Data Breach Notification Law

The Canadian Internet Policy and Public Interest Clinic (CIPPIC), based at the University of Ottawa, has called for a national, publicly available, electronic registry of data breaches. This recommendation goes beyond their previous call for mandatory data breach notification (since supported by Industry Canada). The Industry Canada proposal currently calls for the notification of the Privacy Commissioner and of the individuals affected. This is to be implemented by an amendment to the existing PIPEDA (Personal Information Protection and Electronic Documents Act) legislation.

According to CIPPIC, there are at least two distinct purposes of a data breach notification requirement:
  1. to “encourage organizations to implement more effective measures for the protection of personal information” (“security incentives”); and
  2. “enabling consumers to better protect themselves from identity theft when a breach does occur” (“individual mitigation”).
However, they believe there are additional benefits to be seen with a public registry:
  3. to provide the basis for more effective and targeted compliance actions (“compliance measures”) through the ability to monitor the frequency, nature and trends of data breaches and to identify persistent or systemic problems at an early stage;
  4. to inform future policy-making through the creation of a database of information about security breaches that is available to policy analysts (“policy analysis”); and
  5. to improve the functioning of a competitive marketplace through greater consumer awareness of risks both general and company-specific (“marketplace information”).
The CIPPIC report states that a national, publicly available, electronic registry of data breaches, in addition to OPC (Ontario Privacy Commissioner) and individual notification, would, if constructed appropriately, achieve the goals of security incentives, marketplace information, and policy analysis much more effectively than would OPC and individual notifications on their own.

Originally published January, 2008


All content © eSubnet 2003-2021