Privacy Breach Response — Prevention of Future Breaches

Privacy Breach Response — Prevention of Future Breaches Privacy Bulletin June 2019 Privacy Breach Response – Prevention of Future Breaches Canadian privacy commissioners have emphasized the importance of the final step of a privacy breach response process – prevention and lessons learned. [...] Similarly, the NIST Computer Security The recommended incident response process generally Incident Handling Guide notes: “One of the most important aligns with cybersecurity best practices and guidance parts of incident response is also the most often omitted: issued by other regulators, including the Computer Security learning and improving”. [...] Punitive Damages Possible With respect to the prevention of future breaches, Tips for for Failure to Prevent containing and reducing the risks of a privacy breach explains: Future Privacy Breaches “Once the immediate steps are taken to mitigate the risks associated with the breach, organizations need to take the The British Columbia Court of Appeal decision in Ari v. [...] The level of effort should proposed class action against the Insurance Corporation reflect the significance of the breach and whether it was a of British Columbia (ICBC) for the statutory tort of violation systemic breach or an isolated instance. [...] allegation that ICBC has a history of employees breaching private information.” The Court of Appeal concluded that the history of privacy breaches by ICBC’s employees constituted a sufficient basis in fact for certifying the punitive damages issue as a common issue for the class proceeding.