Notes from the IAPP Canada Managing Director, Nov. 5, 2021

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Sometimes I worry there may be a bit of breach fatigue. And that, my friends, is a dangerous thing.

At least breach notification is in many private sector laws, although assessing the real risk of significant harm is still somewhat subjective, despite some existing guidance.

How the government continues to hold itself to a much lower standard since there is no breach requirement by government in law still astounds me. At least it looks like the federal department of justice will recommend some sort of data breach regime in the new Privacy Act.

But in the meantime, the lack of accountability with respect to personal information handling practices is probably why we have this latest story which, I would argue, carries a heck of a lot more RROSH than what could happen if the information held by a business were to be compromised. The story highlights that the Conservatives have written to Privacy Commissioner Daniel Therrien to complain about a pattern of data breaches

Read the article