Digital Privacy Act will require firms to report data breaches: Moore

In the slew of announcements from the Digital Canada 150 strategy today, measures to protect privacy weren’t forgotten – while details about updates to privacy legislation were scant, it was made clear the government will pursue a new requirement that firms report data breaches to the Privacy Commissioner of Canada.

Speaking from Waterloo, Ont. on Friday, Industry Minister James Moore said he would be in the House of Commons next week to unveil new legislation called the Digital Privacy Act. The act is designed to be an update to the Personal Information Protection and Electronic Documents Act (PIPEDA), he said. After referencing the recent Target data breach, Moore gave one clue about what to expect in next week’s legislation.

“What we will put in place in this legislation is a mandate that firms that have this private personal information, if there’s any data breach, they can’t sit on it, they have to immediately inform those customers,” he said. “They have to tell them about the mitigation taking place to protect the information and they have to inform the privacy commissioner.”

Moore added the Office of the Privacy Commissioner of Canada would be getting new powers and responsibilities to protect Canadians’ privacy online. Though he did not outline exactly how the privacy commissioner’s role would change, he indicated the Digital Privacy Act wouldn’t dramatically change the office’s role.

A private member’s bill previously brought to the House of Commons “went too far in my view in providing prosecutorial powers to the privacy commissioner. This one doesn’t do that,” he said. “It provides new tools, but it still provides the ombudsman role for the privacy commissioner.”

In an emailed statement, a spokesperson for the privacy commissioner said the office was also still waiting on more information.

“What we can tell you at this point is that we are encouraged by this morning’s announcement and look forward to seeing the details. For some time now, our Office has been saying that PIPEDA needs to be updated to better protect the privacy rights of Canadians and ensure consumer trust in the digital economy,” the email read, adding the law needs to be modernized for stronger powers for enforcement, as well as a mandatory policy getting companies to report data breaches when they occur.

What remains to be seen is the exact wording of the legislation for both data breach reporting and the privacy commissioner’s role, said John Lawford, executive director of the Public Interest Advocacy Centre (PIAC).

“It’s not very clear. Aside from vaguely defined enforcement powers, we don’t know how it will translate,” he said. “During the question and answer part after, Moore did say the [privacy] commissioner can’t be proactive, and won’t be an inquisitor … But the wording is all important.”

Like the privacy commissioner’s office, one thing PIAC is hoping for is a policy where businesses must inform the privacy commissioner if they’ve suffered a data breach. Right now, that’s a voluntary action – but PIAC wants the privacy commissioner to be able to fine businesses if they fail to say anything.

Still, for a strategy that was four years in the making, the lack of detail was disappointing for David Christopher, communications manager of OpenMedia.ca. Nor was he optimistic about the kind of new powers the privacy commissioner would be receiving.

“He seemed to downplay the prospect of giving the privacy commissioner extra powers,” Christopher said. “It seems like that’s not going to be beefed up the way it needs to be.”

To read the Digital Canada 150 report, head over here.

With files from Brian Jackson.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Candice So
Candice Sohttp://www.itbusiness.ca
Candice is a graduate of Carleton University and has worked in several newsrooms as a freelance reporter and intern, including the Edmonton Journal, the Ottawa Citizen, the Globe and Mail, and the Windsor Star. Candice is a dog lover and a coffee drinker.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs