Anne Côté writes:
Alberta’s new Privacy Commissioner, Jill Clayton, has released a report on the first two years of mandatory privacy breach reporting in Alberta (the “Breach Report”).
Under Alberta’s private sector privacy law, the Personal Information Protection Act (“PIPA”), a privacy breach that presents “a real risk of significant harm” must be reported to the Privacy Commissioner, who can then require an organization to notify affected individuals. Relevant “harms” include risk of identity theft, damage to reputation, and risk to personal safety.
As of the end of April 2012, 151 breach reports had been received by the Privacy Commissioner. Of these reports, 63 cases (42%) involved a real risk of significant harm. In the remainder of the matters, this threshold was not reached, PIPA was determined not to apply, or the matter was still under review.
Read more on JDSupra.