Notes from the IAPP Canada Managing Director, March 15, 2019


A few weeks ago, I wrote in this space about how I was helping a client deal with a data breach. It was a unique case (aren’t they all?) in which it became quite difficult to determine if the legal threshold for reporting was met. The legal threshold, if you recall, is that you must report breaches if there is a “real risk of significant harm” that could result from the incident.
My comments could have been seen as a complaint to our regulators that we do not yet have a clear and practical way of making solid determinations on this very important threshold issue — what is and isn’t RROSH?
In Alberta, where they have had a mandatory and legal requirement to report breaches for a number of years, the commissioner publishes decisions in which that office has determined that there is a RROSH.
Unfortunately, we don’t get to see those decisions when that office agrees there is no RROSH
