Canadian Information Protection Report 2007
The Privacy Commissioner of Canada, Jennifer Stoddart, has released the Annual Report to Parliament 2007, a Report on the Personal Information Protection and Electronic Documents Act (PIPEDA). The report details whether companies are complying with PIPEDA.
The Commissioner has called 2007 the “year of the data breach”, in Canada as well as the rest of the world. The report reminds us that PIPEDA imposes a legal obligation on businesses to safeguard personal data, and that human errors and a “cavalier approach to security” resulted in too many data breaches.
“Businesses recognize the value of personal information to themselves – for targeted marketing campaigns, for example. Unfortunately, this perception doesn’t always translate into security measures up to the job of protecting the information from criminals.”
The report indicates that half of the 37 voluntarily reported data breaches in Canada involved electronically stored data, often held in a format not secured with firewalls or encryption.
An important section of the report addresses global concerns: data breaches can cross borders, making them international rather than purely national incidents. This has vast implications for privacy and for how data breaches are responded to. Along similar lines, the trend of private-sector organizations (airlines, banks) collecting personal information for the state blurs the line between privacy and security.
“The way we address security needs to reflect our society’s fundamental values – including the right to privacy. We must constantly ask ourselves why we accept the growing shift towards security at the expense of privacy. Is it always justified? Is it irreversible?”
The report points out that information technology was a component of nearly every privacy issue and complaint in 2007, and that the privacy impacts of such technologies must be understood and mitigated by consumers and businesses alike.
Ms. Stoddart has laid out many recommendations in the report about how businesses should comply with the 10 “golden rules” of privacy set out in PIPEDA. In addition to great policy and procedure recommendations, the report urges the Canadian government to adopt breach notification legislation.
“Breach notification offers people a choice. Individuals can decide for themselves how to respond to a breach. One person could decide that it would be a good idea to check her credit report more often. Another person may feel no action is warranted.”
You can read the full report here.
Hat tip to Jonathon; via National Post.

Thanks for the hat tip! The section on the TJX breach was eye-opening. I didn’t know that hackers gained access to 94 million debit and credit card records. I thought it was half that.
Mind you, once you’re past a few million records, the class action suit and regulatory fines are enough to put even the largest corporation out of business. We’ll see if TJX is still kicking around in a few more years, after the appeals process ends.