Sunday, March 26, 2006

Updated Chronology of Major Data Privacy Breaches

Privacy Rights Clearinghouse, a U.S. organization, has updated its page that tracks data breaches since the spring of 2005.

These are breaches where "the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver's license numbers".

As the website reports, 22 American states have passed laws requiring that individuals be notified of security breaches.

No Canadian province has yet instituted such legislation, except perhaps for Ontario with its Personal Health Information Protection Act, though the Ontario Privacy Commissioner has called for such a law for all sectors of society and business.

The federal Private Information Protection and Electronic Document Act (PIPEDA), in force since January 2004, requires companies that fall under its jurisdiction to protect so called 'personal information' with security safeguards that are appropriate to the sensitivity of the information. But there is now no legal requirement to report incidents of data breaches or of data theft to affected individuals in Canada.

Interestingly, some commentators have written that blanket notification laws may not be worth it.

Earlier posts on the subject:

Labels: ,

Bookmark and Share Subscribe
posted by Michel-Adrien at 8:06 pm


Post a Comment

<< Home