Canada Lags On Privacy Breach Disclosure

The change in practice is due in large measure to the State of California's SB1386, a two-year old law, which mandates that companies and agencies that do business in the state or possess personal information of state residents must report breaches in the security of personal information in their possession. Companies are required to act quickly, notifying customers in writing, electronically, or by prominently posting the information on their website. The California law has spawned nearly a dozen imitators throughout the United States as other states seek to provide their residents with similar protections. Moreover, pressure has begun to build on the U.S. Congress to adopt a national reporting law to provide all residents with equal treatment and to ensure that all companies face a single nationwide standard. Unfortunately, no similar law exists in Canada. In fact, until Ontario Privacy Commissioner Ann Cavoukian publicly called for the adoption of such a law late last month, no Canadian privacy commissioner at either the federal or the provincial level had used their position to pressure for such reforms. Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He can reached at mgeist@uottawa.ca or online at http://www.michaelgeist.ca. http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1120429209287&call_page=TS_@Biz&call_pageid=971794782442&call_pagepath=Business/@Biz&pubid=968163964505&StarSource=email

Note: http://www.michaelgeist.ca http://www.thestar.com/...