Companies asked to handle data loss alerts

OTTAWA, April 25 (UPI) -- The Canadian government is considering legislation that would leave it up to companies to advise customers when data theft occurs.

A draft bill says when a data breach causes "a high risk of significant harm to individuals" the company is required to notify people who are affected as soon as is "reasonably possible," Canwest News Service reported.

The Industry Canada agency would seek no penalties from banks, retailers and other businesses that didn't notify clients if their personal data had been compromised, Canwest said.

As the law now stands, companies must report any "material data breach" to Canada's Privacy Commission.

Since January 2007, there have been several major data losses involving personal information on 470,000 customers of the Canadian Imperial Bank of Commerce. Earlier this year, the Bell telecommunications company reported data on 3.4 million customers had been found on a computer of a Montreal man, the report said.