Amendments to the Personal Information Protection and Electronic Documents Act, which require mandatory reporting of unauthorized disclosure of personal information by private sector organizations, come into effect today, but federal Privacy Commissioner Daniel Therrien says his office was not given additional
resources to handle the data-breach reporting.
his office only has just two people assigned to analyze data-breach reports
and provide risk-mitigation advice.
“We think that's insufficient, grossly insufficient,” Therrien told Legal Feeds. “The net effect is that yes, we will analyze breach reports and provide advice to companies on how to mitigate risk. But we will have to do that in the most egregious of cases, leaving a large number of breach reports that will be only superficially reviewed.”