Association of Corporate Counsel (ACC)

Welcome back Mr Bufithis







Alberta privacy breaches to be reported

View original document | Send to colleague | Print | Suggest a topic (new)
Davis LLP
Canada
April 28 2010

On May 1, 2010 amendments to Alberta's privacy legislation come into effect. The Personal Information Protection Amendment Act will include Canada's first mandatory breach notification requirements. Effective May 1, organizations covered by PIPA, the Personal Information Protection Act, may be required to notify the Privacy Commissioner of a loss, theft, or unauthorized disclosure of personal information, including personal employee information. Businesses that are not government bodies or public bodies will be subject to the new breach notification requirements.    

The new legislation requires organizations to report a breach where "a reasonable person would consider that there exists a real risk of significant harm to an individual as a result of the loss or unauthorized access or disclosure ." Where this "real risk" threshold is met, the organization must notify the Privacy Commissioner of the breach. The Commissioner may then require the organization to notify individuals, such as employees or clients, to whom there is a real risk of significant harm as a result of the loss or unauthorized access or disclosure.

The Alberta Privacy Commissioner's Office previously encouraged reporting incidents where there has been an unauthorized access of personal or employee information. Reporting allows an organization to get timely advice, enables the Commissioner to better respond to complaints about the breach should any be received, and may be seen in a positive way by the public, customers or employees, as being transparent.

At least in theory, reporting after the mandatory reporting requirements come into effect should offer the same advantages, and possibly the added benefit of the protection to an organization of relying on the order of the Commissioner. It will be interesting to see how organizations view and respond to the new requirements.

It will also be interesting to see if information based the number and types of breaches reported could lead to a better understanding of the real risks relating to loss or unauthorized disclosure of information and enhanced measures businesses can implement to better protect the personal they maintain.  

Debbie L. Dresen

Debbie L. Dresen

Popular related articles

  1. Corruption of government officials: gifts that keep on giving (Lang Michener LLP)

    With the recent shocking findings of the Oliphant Inquiry concerning apparently "gratuitous" cash payments to former prime minister Brian Mulroney, and the current high-profile Basi/Virk trial in British Columbia regarding allegations of bribery and corruption, it is perhaps time for a short lesson in the law related to corruption of public officials.

  2. Examples of deficient and entity-specific MD&A disclosure (Cassels Brock & Blackwell LLP)

    Revenue increased from $900,000 to $1,080,000, a 20% increase.

  3. Update on foreign investment in Canada (Fraser Milner Casgrain LLP)

    Over the past year Canada has witnessed a number of significant developments in its foreign investment review process.

  4. Amendments proposed to U.S. ITAR to address Canadian human rights law concerns (Stikeman Elliott LLP)

    The International Traffic in Arms Regulations ("the ITAR") issued by the U.S. Government have been the subject of significant controversy in Canada.

  5. Court upholds certification of class action in price-fixing case (Stikeman Elliott LLP)

    In a judgment rendered June 8, 2010, the Ontario Superior Court dismissed a motion by FMC Corporation and FMC of Canada, Ltd. (collectively, FMC) for leave to appeal a September 28, 2009 decision certifying a class action.

  1. Online ad network sued over tracking using flash cookies (Hunton & Williams LLP)

    On August 18, 2010, a complaint was filed in the U.S. District Court for the Central District of California, alleging that Specific Media, Inc. violated the Computer Fraud and Abuse Act, as well as state privacy and computer security laws, by failing to provide adequate notice regarding its online tracking practices.

  2. Information Commissioner offers guidance on school photos (Mills & Reeve LLP)

    The Information Commissioner has recently issued guidance, specifically aimed at Local Education Authorities and those working within the education sector, addressing the confusion surrounding the taking of photographs and videos in educational institutions.

  3. ID scanning and privacy issues: new guidelines (Blake Dawson)

    Increasingly, clubs and pubs are using technology to electronically capture identity information about their customers.

  4. HHS releases proposed changes to HIPAA privacy, security and enforcement rules (Baker Donelson Bearman Caldwell & Berkowitz PC)

    On July 14, 2010, Secretary Kathleen Sebelius of the United States Department of Health and Human Services (HHS) published notice in the Federal Register of proposed rulemaking1 aimed at "strengthening" the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy, security and enforcement regulations (collectively referred to as the "HIPAA Rules") and as required by the Health Information Technology for Economic and Clinical Health Act (HITECH Act), which was enacted as a part of the American Recovery and Reinvestment Act of 2009.

  5. How secure is your customer data? (MacRoberts LLP)

    The Financial Services Authority ("FSA") has imposed a fine of £2.27 million on the UK branch of insurance company Zurich for loss of customer data.

  1. Limitations in use of purchase-money security interest in cross-collateralization (Davis LLP)

    A recent decision of the Alberta Queen's Bench has raised some questions about purchase-money security interest ("PMSI") proceeds and cross-collateralization of assets secured by these types of security interests.

  2. Protecting privacy when employees depart (Davis LLP)

    Clients often ask if an employer may brief employees (or send a memo) when an employee leaves the organization.

  3. Canada and U.S. invest in leading carbon capture and storage project (Davis LLP)

    This week, the Honourable Christian Paradis, Canada's Minister of Natural Resources, and Steven Chu, Secretary of the U.S. Department of Energy, announced a total of $5.2 million in new funding for the International Energy Agency (IEA) Greenhouse Gas Weyburn-Midale CO2 Monitoring and Storage Project.

  4. Alberta's new privacy rules for organizations that utilize service providers outside Canada (Davis LLP)

    Organizations in Alberta that utilize service providers outside Canada to manage personal information should be aware of several recent amendments made to Alberta’s Personal Information Protection Act (“PIPA”).

  5. BC tables Clean Energy Act (Davis LLP)

    On April 28, the government of British Columbia announced the introduction of a new Clean Energy Act.

Most popular articles on Lexology

View original document | Send to colleague | Print

If you are interested in submitting an article to Lexology, please contact Andrew Teague at ateague@lexology.com.

© Copyright 2006-2010 Globe Business Publishing Ltd