Federal Privacy Commissioner Releases Privacy Breach Guidelines
Ottawa, August 1, 2007 – New guidelines will help organizations take the right steps after a privacy breach, including notifying people at risk of harm after their information has been stolen, lost or mistakenly disclosed, says the Privacy Commissioner of Canada, Jennifer Stoddart. For more, see http://www.privcom.gc.ca/media/nr-c/2007/nr-c_070801_e.asp. The Ontario, British Columbia and Alberta privacy commissioners have each issued their own guidelines on the same subject.
What would you to do if you realized that your organization had breached provisions of federal or provincial privacy legislation? Do you have a legal duty to notify individuals whose personal information was disclosed (whether inadvertently or not)? What are the legal consequences if you try to cover it up? Are these federal and provincial guidelines binding on you? If you elect to notify the affected individuals, what form should the notification take? What information should it include? Will this be good enough? Although the federal guidelines are not law, they are as good a place as any to start looking for answers. Or give us a call.