Canadian businesses now required to alert customers, feds when personal info falls into wrong hands

Starting Thursday, Canadian businesses will be required to alert their customers and the federal privacy watchdog if there's a danger that personal information under an organization's control has fallen into the wrong hands.

The measure is rolling out after more than three years of legislative fine-tuning.

Failure to report the potential for significant harm could expose private-sector organizations to fines of up to 100-thousand dollars for each time an individual is affected by a security breach.

But the federal government has to decide to prosecute a case.

And there are warnings that Canada's privacy office will be handicapped by a lack of resources and its limited powers under the Personal Information Protection and Electronic Documents Act.

Privacy commissioner Daniel Therrien says his office needs about six more people to analyze the new flood of breach reports that will start to flow.

He says without additional funds, the office will only be able to take a superficial look at most reports.
MP Peter Kent, the Conservative critic for access to information, privacy and ethics, says Therrien has the support of an all-party Commons committee that deals with privacy issues.

Kent says Therrien's powers need to be strengthened given the rapid changes in technology and resources available to multi-billion-dollar enterprises such as Facebook and Google.