OTTAWA – A group of MPs say federal agencies should be required by law to properly protect the private information of Canadians and to report breaches when sensitive data goes astray.
Recommendations from the Commons committee on ethics, information and privacy for updating the 33-year-old Privacy Act come as data losses and thefts in the new digital universe are making many nervous about sharing personal details.
READ MORE: Canadian political parties are above the law … privacy law, that is
A government policy directs agencies to report significant data breaches, but the federal privacy watchdog says many do not.
Get daily National news
WATCH: Canada Revenue Agency privacy breaches
For instance, Health Canada didn’t tell the privacy commissioner it slipped up in 2013 when it mailed more than 41,000 letters in windowed envelopes that clearly indicated they were from the department’s medical marijuana program.
READ MORE: Share reports of data breaches, says watchdog
The Commons committee report says there should be an explicit legal requirement for government institutions to report significant breaches, along with clear consequences for failing to safeguard personal information.
Two years ago the commissioner’s office concluded that a portable hard drive containing the personal details of more than half a million student loan applicants was left unsecured for extended periods, and lacked password protection and encryption.
Comments