are doing. If the privacy commissioner's office has to investigate whether you have reasonable security measures, these are the places they will look at first."
As for the average security professional, McQuay said the onus will fall on them to determine how significant a breach is and to ask the organization's legal council on whether to notify the affected individuals. A few guidelines to consider, he said, is the sensitivity of the personal information, the medium and the format of the data, and the prospect of criminal activity or intentional wrongdoing in the data's disappearance.
Reprinted with permission from ComputerWorld Canada. Story copyright 2008 ComputerWorld Canada Inc. All rights reserved.
Post new comment