British Columbia’s privacy chief wants companies to be forced to report security breaches.
B.C. Information and Privacy Commissioner Elizabeth Denham said the province needs to amend its Personal Information Protection Act, according to a report by CBC News.
She has been calling for such a change since 2008. She said she fears B.C. will be left behind by other jurisdictions if it fails to act soon.
“I think it should be the in law,” Denham said in an interview with CBC News.
“I think the impact of that will be that individuals will know when there’s been a significant breach affecting them, and secondly there will be more investment in the security of personal information if there’s a mandatory requirement in law,” she said.
Denham’s office investigated 500 cases of privacy breaches last year in both the private and public sector. While public bodies are required by legislation to report data breaches to the government’s Chief Information Officer, no similar rules apply to private organizations.
Last month, Denham’s office criticized the University of Victoria for failing to protect personal information in what she called a “foreseeable and preventable” breach.