So ...Canada's Alberta province has finally seen the light, and is the first province in Canada to enact Federal-level data breach notification laws. Woohoo.
So why am I so excited you ask? Because ...big deal. Another "notification law".
So soon you Canadians up there will be just like us in the US ...you'll get letter after letter telling you the companies you've trusted with your personal and private data have let you down ...oh - and here's a year of "free credit protection, thanks for playing". It's all crap.
So we have PCI and other "compliance" regulations which turn into check-the-box exercises in due-diligence and "baseline absolute minimums"... and then we have the after-the-fact "notification" laws...
I'm still not excited ...but I should be right? Why?
When there is an actual way to mandate corporate responsibility not just 'absolute minimum security' ...then I'll be happy. Until then...congrats to Alberta, I guess.