Companies must directly notify people affected by privacy breaches: watchdog
OTTAWA — Companies that lose personal customer data should be required to directly notify affected people — with limited exceptions — about the nature and date of the lapse along with steps taken to reduce the harm, says the federal privacy watchdog.
The Trudeau government plans to introduce breach-notification regulations in coming months to improve transparency and help consumers.
Several large businesses have been stung by hackers in recent years, causing embarrassment for proprietors and potential headaches for customers whose personal and financial details are suddenly circulating in cyberspace.
Legislation passed last year laid the groundwork for mandatory reporting of private-sector breaches that pose a “real risk of significant harm” to individuals.