Apparently, Canada is behind the curve on “breach notification” legislation. In the “Reality V2.0” blog, I came across this interesting note, which surprised me…

“The Canadian Internet Policy and Public Interest Clinic is requesting that changes be made to the Personal Information Protection and Electronic Documents Act (PIPEDA) to force businesses to inform those whose personal information may have been compromised as a result of a security breach. ”

Usually, Canadian laws tend to mirror US laws when it comes to security issues (passport laws aside). I would have thought we already had a law saying companies have to disclose to stakeholders when they have had a security breach. I guess I was wrong.

- Scott