Privacy commissioner releases privacy breach guidelines
Last Updated: Friday, August 3, 2007 | 1:38 PM ET
CBC News
New guidelines have been drawn up to help businesses take the right steps after a privacy breach, including notifying people after their personal and financial information has been stolen, lost or mistakenly disclosed, says the privacy commissioner of Canada, Jennifer Stoddart.
The guidelines outline some of the key steps in responding to a breach, such as containing it, evaluating the risks associated with it, notifying the people affected and preventing future breaches.
The guidelines call on businesses to notify people that their personal information has been compromised in cases where the breach "raises a risk of harm." For example, there may be a risk of identity theft or fraud in cases where sensitive personal information has been lost or stolen.
Organizations are also encouraged to inform the appropriate privacy commissioner in their province that there has been a breach.
The federal office is currently investigating two high-profile privacy breach cases involving large amounts of personal information.
In one case, the Canadian Imperial Bank of Commerce reported the disappearance of a computer hard drive containing the personal information and financial data of close to half a million clients of its investment subsidiary, Talvest Mutual Funds.
The other investigation, being conducted jointly with the information and privacy commissioner of Alberta, is looking at a breach at TJX Companies Inc., involving thousands of Canadians who shopped at TJX's Winners and HomeSense stores.
"It's clear that most businesses take seriously their responsibilities under Canada's private-sector privacy law," Stoddart said.
She said the new guidelines are voluntary and that there's still a need for federal legislation to compel businesses to notify people when their personal information has been breached.
Earlier this year, Stoddart urged the federal government to amend the Personal Information Protection and Electronic Documents Act (PIPEDA) to make such notification mandatory for businesses.
Share Tools
Top News Headlines
- Outrage grows over Syria killings
- Syrian authorities have blocked a top aide of envoy Kofi Annan from heading to Damascus as world leaders condemn one of the bloodiest single events in Syria's 14-month-old uprising. more »
- Montreal protesters march in peaceful defiance
- The clanging of pots and pans sounded throughout Montreal's downtown core Saturday night and into early Sunday morning, as thousands of protesters marched on in peaceful — but loud — defiance of Bill 78. more »
- Quebec actress captures Cannes prize
- Canadian Suzanne Clement has been awarded the Best Actress prize in the Cannes Film Festival's sidebar competition, Un Certain Regard. more »
- Lady Gaga nixes Indonesia show after threats
- Lady Gaga cancelled her sold-out show in Indonesia after Islamist hard-liners threatened violence, claiming her sexy clothes and provocative dance moves would corrupt the youth. more »
- Teen struck by lightning in Ottawa dies
- Missing Winnipeg children found in Mexico
- Quebec tornadoes cause millions in damage
- Montreal protesters march in peaceful defiance
- Woman's remains found in hockey bag on Cape Breton river
- Outrage grows over Syria killings
- Pope's butler arrested in Vatican leaks scandal
- Everest team unable to bring down Toronto woman's body
- WWE apologizes to Brazil over Canadian's flag stomp
