Therrien: Funding Constraints Hamper Breach Report Responses

    Jun 03, 2016

    In testimony before the Standing Committee on Access to Information, Privacy and Ethics on May 3, Canada Privacy Commissioner Daniel Therrien expressed concern that his office lacks sufficient funding to respond to the growing number of privacy breaches that are occurring each year. The problem will get worse, he said, when the mandatory breach notification amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) take effect in the fall of 2017.

    “At this time, we are only able to cursorily review, advise and follow up on all but a few of the breach reports we receive,” Therrien said. “We expect this problem to continue in the years ahead. The increased complexity of Privacy Act investigations due to technology and the inter-connectedness of government programs are also putting added pressure on our compliance activities, with the result that too many are not completed in a timely way.”

    On March 4, Innovation, Science and Economic Development Canada issued a discussion paper regarding the development of data breach notification and reporting regulations related to the amendments adopted as part of Canada's Digital Privacy Act. Those amendments require organizations to keep a record of all data breaches, not just those that meet the mandatory reporting requirements, and report them to the Office of the Privacy Commissioner upon request.  Written comments on the discussion paper were due by May 31.

     This monthly advisory contains brief summaries of recent legislative and regulatory issues that may affect the management of records and information in Canada.

     Want to sign up to receive an e-mail version of the Canadian Policy Brief? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.



    © 2017, ARMA International