Disclosing breaches shouldn’t be optional – regardless of whether we’re talking about the U.S., Canada, or the EU.
Ellen Roseman writes:
Do you have a right to be notified if your confidential data is exposed to others online?
Only Alberta has mandatory security breach reporting. The federal government and some provinces are trying to change their laws, but haven’t done so.
The Heart and Stroke Foundation of Canada faced a dilemma in the past week. Should it notify 123,000 people whose names and email addresses were posted on the Internet by mistake?
The story began when a Star reader stumbled upon the security breach and contacted me.
“I answered a questionnaire sent out by a restaurant and received an email coupon as thanks,” he said. “I noticed that the URL of the coupon was surprisingly unsecured and unprofessional.”
He did some exploring and found an entire directory that was open for browsing on the Internet. It was set up by a Toronto marketing firm, The Email Company, which had worked for the Heart and Stroke Foundation.
Read more on Toronto Star.