Firms not required to inform victims of privacy breach under new rules

Sarah Schmidt reports:

Companies can decide whether to tell their customers when they lose their personal information or hackers steal it, according to legislation tabled Tuesday by the Conservative government.

The proposed amendments to Canada’s private sector privacy law will require banks, retailers and other companies to inform Canada’s privacy watchdog if they’ve experienced a “material” data breach of personal information, but they will only have to notify affected individuals “when the organization deems the breach to pose a real risk of significant harm, such as identity theft or fraud, or damage to reputation.”


About the author: Dissent

Comments are closed.