A New Approach to Data Security Breaches
Canadian Journal of Law and Technology, Vol. 7, No. 1, p. 149, 2009
47 Pages Posted: 8 Nov 2010
Identity theft or fraud has become a serious cause for concern in the information technology world. It is fast gaining notoriety as one of the fastest growing crimes and its growth has been attributed to the ever-increasing rate of data security breaches which has continued to dominate the news as well as the courts. The judiciary and the legislature among others, in various legal jurisdictions, have made several efforts to deal with the ever-increasing cases of data security breaches. In the case of the judiciary, it has sought (with great difficulty) to stretch or over-stretch existing laws formulated when the information technology world had not been conceived. The legislature on the other hand has been more concerned with formulating new laws to comprehensively deal with the situation. This research paper examines the problems associated with data security breaches from two different but not mutually exclusive perspectives. The first part of the paper examines the need for notification in the event of a data security breach and why the Personal Information Protection and Electronic Document Act1 (“PIPEDA”) ought to be amended in order to create a legal or statutory obligation in Canada to compel disclosure or notification of data security breaches. The second part of the paper examines the resort to the common law tort of negligence by victims of data security breaches in seeking legal remedy from individuals or organizations whose negligent act(s) resulted in such a breach. While acknowledging that data security breach is a new or recent phenomenon not yet clearly addressed at common law, the paper goes further to show the difficulty in attempts to redress much of the legal claims that come with data security breaches in common law.
Keywords: Identity theft, Identity fraud, Data Security Breach, Negligence, res ipsa loquitor
Suggested Citation: Suggested Citation