Media Advisory/Interview Opportunity - Security Breaches - Damage Control for Lost or Stolen Personal Information

    McCarthy Tétrault LLP Outlines the 'Need to Knows' for Canadian

    TORONTO, April 16 /CNW/ -

    What:  Managing personal information is a challenge, and privacy breaches
           can be a major headache for businesses. There have been a number
           of cases recently in which personal information has been lost or
           stolen, leading to investigations by privacy commissioners, media
           attention and, in some cases, class action lawsuits. Law-makers
           and regulators will likely raise the bar for companies when it
           comes to preventing, detecting and reporting breaches involving
           personal information.

    How:   Preparedness and damage control are the best forms of defense. It
           is crucial that organizations have processes in place for timely
           situation assessment and action plan implementation.

           McCarthy Tétrault points to the key immediate steps a pre-assigned
           team (including individuals from privacy, security, IT,
           communications, and legal) should follow to investigate the

           -     Ensure necessary communications to employees/management
           -     Ascertain chain of custody (date of breach, if ongoing, how
                 it occurred, when discovered, how many individuals affected)
           -     ID what info is the subject of breach (e.g. health info,
                 financial, social insurance numbers, contact info, etc.)
           -     Determine if there are physical/technological impediments
                 to unauthorized access to info (e.g. password protection,
                 encryption, etc.)
           -     Attempt to determine whether info has already been
                 inappropriately used or disclosed or the likelihood that it
                 could be
           -     Assess risk of harm if info is inappropriately used or
                 disclosed (e.g. physical harm, fraud, identity theft,
                 embarrassment or inconvenience to the individuals, loss of
                 business or employment opportunities, etc.)
           -     ID steps required to mitigate effect of breach, both
                 internal (e.g. retrieving copies, changing passwords/access
                 rights, backing up databases) and external (e.g. notifying
                 affected individuals, law enforcement, privacy commissioner/
                 regulatory authorities, contractual reporting obligations if
                 data was being processed on behalf of another organization,
           -     If notification is required or advisable, determine
                 appropriate means to provide it (e.g. whether directly to
                 affected individuals or indirectly through public
                 announcements, and when)
           -     ID steps required to prevent reoccurrence (e.g. changing
                 company procedures, policies/contractual templates, changes
                 to physical or technological safeguards and employee
           -     Communications plan for follow up questions/requests from
                 data subjects, employees, regulators and law enforcement,
                 and other stakeholders

    Who:   McCarthy Tétrault's legal experts are available to further
           elaborate on the many complex issues of business privacy and
           security. For further information, to request a byline article or
           to speak to a McCarthy Tétrault spokesperson, please contact:
           Amanda Burgess at McCarthy Tétrault, (Tel: 416-601-8988/ aburgess
 , or Emma Capombassis at Cohn & Wolfe, (Tel: 416-
           924-5700 ext. 4065/

For further information:

For further information: to request a byline article or to speak to a
McCarthy Tétrault spokesperson, please contact: Amanda Burgess, at McCarthy
Tétrault, (Tel: (416)-601-8988,; or Emma Capombassis at
Cohn & Wolfe, (Tel: (416)-924-5700 ext. 4065,

Organization Profile

McCarthy Tétrault

More on this organization

Custom Packages

Browse our custom packages or build your own to meet your unique communications needs.

Start today.

CNW Membership

Fill out a CNW membership form or contact us at 1 (877) 269-7890

Learn about CNW services

Request more information about CNW products and services or call us at 1 (877) 269-7890