in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Canada Data Breach Law: Fines Coming To PIPEDA?

Canada Industry Minister Tony Clement says he's open to the idea of fines for data breaches involving customer information.  It appears to be a response to last week's call for "attention-getting fines" by Canada's Privacy Commissioner.  Canada does have data protection laws (PIPEDA, Personal Information Protection and Electronic Documents Act), that require, among other things, the use of data security tools like data encryption software from AlertBoot.

However, under the current laws, the Privacy Commissioner currently doesn't have the ability to impose fines.  Furthermore, companies involved in a breach are not required to report the fact to the commissioner's office.

PIPEDA Needs Updating

The requirement to use encryption software is a pretty advanced once, if I may so.  A handful of countries have made the use of encryption mandatory.  In the US, Massachusetts is the only state that has done so, as far as I know.

Most governments and regulating organizations, however, fall short of requiring it, seemingly content in extending safe harbor from punitive data breach laws if encryption is used.  The results on offering the "data encryption carrot" and "breach notification letter stick" have been mixed so far: many companies have begun using data encryption in the workplace to secure data, and even more are looking into it or seriously considering it, but the stories of data breaches haven't stopped growing in the years since such laws have been codified.

Canada is one of the few nations that does require encryption.  However, there aren't any penalties for not encrypting data under that law.

I Thought PIPEDA has Fines of $100,000?

I have found that there is a maximum fine of $100,000 per violations of PIPEDA but it' not aimed at data breaches.  Rather, it's for certain "indictable offences" (foglerrubinoff.com):

  • Destroy personal information that an individual has requested;
  • Retaliate against an employee who has complained to the Commissioner or who refuses to participate in a violation of PIPEDA; and
  • Obstruct or otherwise refuse to co-operate with the Commissioner in the investigation and resolution of a complaint

As long as a company doesn't do any of the above, it can lose laptops full of customer info and, well, not do anything about it.  Companies don' t even have to notify individuals affected by the breach if they don't think an incident poses significant harm.


Related Articles and Sites:
http://www.montrealgazette.com/technology/Clement+backs+fines+data+leaks/4743404/story.html
http://www.priv.gc.ca/information/guide_e.cfm
http://www.foglerrubinoff.com/pdfs/Pub_Business_Law_and_Securities/PIPEDA%20is%20Coming.pdf

 
<Previous Next>

Laptop Encryption Software: Police Cruiser Computer Data Was Protected With Encryption

Data Encryption Software: Not Used In Stolen Catholic Social Services Computer

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.