Poor data-breach tracking, reporting concerns federal privacy commissioner

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.calgaryherald.com/news/Poor+data+breach+tracking+reporting+concerns+federal/8571560/story.html

By Jim Bronskill
The Canadian Press
June 24, 2013

OTTAWA - Canada's privacy czar has singled out several federal departments 
for their lacklustre approach to data breaches, citing a need for better 
reporting, security and tracking protocols.

Privacy commissioner Jennifer Stoddart's office has compiled a preliminary 
list of agencies with potentially worrisome patterns when it comes to the 
loss of Canadians' personal information.

The analysis is based on departmental figures tabled in Parliament in 
April in response to a question from New Democrat MP Charlie Angus. The 
response indicated there were more than 3,000 data breaches over a 10-year 
period affecting about 725,000 Canadians.

Upon crunching the numbers, the privacy commissioner identified nine 
departments and agencies that may lack adequate reporting mechanisms, have 
faulty security procedures or require improved tracking protocols.

Stoddart's staff cautions that the figures paint a statistical picture but 
do not shed full light on the kind of data involved in the breaches.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.