Testimony from a data security industry group appears to have spurred government interest in strengthening regulations preventing data breaches.
The Canadian chapter of the National Association for Information Destruction (NAID) testified last fall at a hearing on data privacy issues in the Canadian Parliament’s House of Common.
In his testimony, Kristjan Backman, chairman of the chapter, discussed the Personal Information Protection and Electronic Documents Act (PIPEDA) and how it should be modified. The law regulates how private-sector entities collect, store and share personal information.
“Currently, destruction is only a recommendation in PIPEDA — not an obligation,” Backman said. “We believe making it an obligation would force organizations to treat destruction more seriously.”
He also advocated for increased enforcement of data-security laws, pointing to fines levied in the U.S. as a model for Canadian regulatory improvement.
Last month, the House of Commons committee released its PIPEDA improvement recommendations, which will be considered by the federal administration. Several of NAID’s concerns were included in the recommendations, along with reference specifically to Backman’s testimony. The committee recommends the government “strengthen and clarify” data destruction obligations and give the country’s top privacy official enforcement power, including the ability to levy fines.
“The presence of personal information on recycled devices and any other improper handling of personal information to be destroyed jeopardizes the privacy of Canadians,” the report noted.
NAID praised the move in a release this month, describing it as a positive sign but also noting it’s only one step toward regulatory improvements.
“While obtaining the committee’s recommendations are an important step, the job is not over until they have been translated into the revised law. NAID-Canada will stay on it,” the release stated. “As demonstrated by this success, persistence pays off.”
Photo credit: Kilmer Media/Shutterstock
