Keywords
data security breaches, PIPEDA
Abstract
This article examines the problems associated with data security breaches from two different, but not mutually exclusive, perspectives. The first part of the article examines the need for notification in the event of a data security breach and proposes an amendment of the Personal Information Protection and Electronic Document Act (PIPEDA) to create a legal, or statutory, obligation in Canada to compel disclosure or notification of data security breaches. My recommendations are based on the examination of legislation from other legal jurisdictions, highlighting, where necessary, the shortcomings of the legislation, which ought to be taken into consideration in amending PIPEDA or in drafting a model data security breach notification legislation in Canada.
The second part of the article examines the resort to the common law tort of negligence by victims of data security breaches in seeking legal remedy from individuals or organizations whose negligent act(s) resulted in a data spill. While acknowledging that data security breach is a new phenomenon, not yet adequately addressed in common law, I shall go further to show the difficulty in attempts to redress much of the legal claims that come with data security breaches in common law.
Recommended Citation
Gideon Emcee Christian, "A New Approach to Data Security Breaches" (2010) 7:1 CJLT.
Included in
Computer Law Commons, Intellectual Property Law Commons, Internet Law Commons, Privacy Law Commons, Science and Technology Law Commons