There is a new and interesting decision out of Peterborough that raises but doesn’t answer a lot of questions. These questions revolve around the intersection of PHIPA, class action law and tort law. This is not something you see everyday although we may have to wait awhile before the dust (and the law) settles. 

Another lost laptop; another press release, something entirely too common these days. But one press release issued last week had an element that caught my eye and serves as a reminder that encrypted laptops are not a panacea for those who want to have data readily at hand in a portable device.

Dealing with breaches is like treating the symptoms: organizations really need to address the underlying problems. To that end, I would suggest that anyone considering how best to prevent breach management really think in terms of “incident management”. What’s the difference between incidents and breaches? A lot and a thorough understanding the former may help minimize the latter.