Security Breach Notification

CIPPIC has been at the forefront of efforts to legislate a data security breach notification requirement in Canada.  Beginning in March 2005, when the huge Choicepoint data breach in the USA became public, CIPPIC has advocated for laws requiring organizations to notify authorities and affected individuals when personal information is exposed to potential abuse.  In January 2007, CIPPIC issued a White Paper on this issue, canvassing US data breach notification laws and proposing approaches for Canada to take.  In 2008, CIPPIC argued for a public data breach registry to complement individual notifications and Privacy Commissioner monitoring.