Home > United Nations Online Network in Public Administration and Finance (UNPAN)
1. Global
Global
2. Africa
Africa
3. Arab States
Arab States
4. Asia & Pacific
Asia & Pacific
5. Europe
Europe
6. Latin America & Caribbean
Latin America & Caribbean
7. North America
North America
UNPAN North America
Public Administration News  
Share
Canada: Digital Privacy Act Will Require Firms to Report Data Breaches
Source: itbusiness.ca
Source Date: Friday, April 04, 2014
Country: Canada
Created: Apr 15, 2014

In the slew of announcements from the Digital Canada 150 strategy today, measures to protect privacy weren’t forgotten – while details about updates to privacy legislation were scant, it was made clear the government will pursue a new requirement that firms report data breaches to the Privacy Commissioner of Canada.

Speaking from Waterloo, Ont. on Friday, Industry Minister James Moore said he would be in the House of Commons next week to unveil new legislation called the Digital Privacy Act. The act is designed to be an update to the Personal Information Protection and Electronic Documents Act (PIPEDA), he said. After referencing the recent Target data breach, Moore gave one clue about what to expect in next week’s legislation.

“What we will put in place in this legislation is a mandate that firms that have this private personal information, if there’s any data breach, they can’t sit on it, they have to immediately inform those customers,” he said. “They have to tell them about the mitigation taking place to protect the information and they have to inform the privacy commissioner.”

Moore added the Office of the Privacy Commissioner of Canada would be getting new powers and responsibilities to protect Canadians’ privacy online. Though he did not outline exactly how the privacy commissioner’s role would change, he indicated the Digital Privacy Act wouldn’t dramatically change the office’s role.

A private member’s bill previously brought to the House of Commons “went too far in my view in providing prosecutorial powers to the privacy commissioner. This one doesn’t do that,” he said. “It provides new tools, but it still provides the ombudsman role for the privacy commissioner.”

In an emailed statement, a spokesperson for the privacy commissioner said the office was also still waiting on more information.

“What we can tell you at this point is that we are encouraged by this morning’s announcement and look forward to seeing the details. For some time now, our Office has been saying that PIPEDA needs to be updated to better protect the privacy rights of Canadians and ensure consumer trust in the digital economy,” the email read, adding the law needs to be modernized for stronger powers for enforcement, as well as a mandatory policy getting companies to report data breaches when they occur.

What remains to be seen is the exact wording of the legislation for both data breach reporting and the privacy commissioner’s role, said John Lawford, executive director of the Public Interest Advocacy Centre (PIAC).

“It’s not very clear. Aside from vaguely defined enforcement powers, we don’t know how it will translate,” he said. “During the question and answer part after, Moore did say the [privacy] commissioner can’t be proactive, and won’t be an inquisitor … But the wording is all important.”

Like the privacy commissioner’s office, one thing PIAC is hoping for is a policy where businesses must inform the privacy commissioner if they’ve suffered a data breach. Right now, that’s a voluntary action – but PIAC wants the privacy commissioner to be able to fine businesses if they fail to say anything.

Still, for a strategy that was four years in the making, the lack of detail was disappointing for David Christopher, communications manager of OpenMedia.ca. Nor was he optimistic about the kind of new powers the privacy commissioner would be receiving.

“He seemed to downplay the prospect of giving the privacy commissioner extra powers,” Christopher said. “It seems like that’s not going to be beefed up the way it needs to be.”

News Home

 Tag This
 Tell A Friend
del.icio.us digg this Slashdot
Rate:
0 ratings
Views: 33

Comments: 0 Bookmarked: 0 Tagged: 0



0 Comments | Login to add comment

Site map | FAQs | Terms and Privacy | Contact Us
Copyright 2008-2010 by UNPAN - United Nations Public Administration Network