Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic
Security Breach Notification
Security Breach Notification
CIPPIC has been at the forefront of efforts to legislate a data security breach notification requirement in Canada. Beginning in March 2005, when the huge Choicepoint data breach in the USA became public, CIPPIC has advocated for laws requiring organizations to notify authorities and affected individuals when personal information is exposed to potential abuse. In January 2007, CIPPIC issued a White Paper on this issue, canvassing US data breach notification laws and proposing approaches for Canada to take. In 2008, CIPPIC argued for a public data breach registry to complement individual notifications and Privacy Commissioner monitoring.
Resources
- CIPPIC News Release on Choicepoint data breach (March 2005)
- CIPPIC comments to Consumer Measures Committee on ID Theft (Sept 2005)
- CIPPIC Submission to Parliamentary Committee on PIPEDA Reform (November 2006)
- CIPPIC White Paper on Approaches to Security Breach Notification (January 2007)
- CIPPIC Submission to Industry Canada on PIPEDA Reform (January 2008)
- CIPPIC Comments on Industry Canada's Proposed Model for Breach Notification (April 2008)
