These are straightforward to build.
https://databreaches.net/2025/03/30/canadas-privacy-commissioner-launches-breach-risk-self-assessment-tool-for-organizations/
Canada’s Privacy Commissioner launches breach risk self-assessment tool for organizations

Privacy Commissioner of Canada Philippe Dufresne has launched a new online
tool that will help businesses and federal institutions that
experience a privacy breach to assess whether the breach is likely to
create a real risk of significant harm to individuals.

The privacy breach risk self-assessment tool is
a convenient web-based application that guides users through a series
of questions to assess the sensitivity of personal information that
is involved in a data breach, and the probability that it will be
misused.

The results provided through this online tool will help organizations to conduct
a risk assessment following a data breach and determine their
required next steps, including notifying affected individuals.

Organizations that are subject to Canada’s federal private-sector privacy law,
the Personal Information Protection and Electronic Documents Act (PIPEDA),
and federal government institutions, are required to report breaches
that pose a real risk of significant harm to the Office of the
Privacy Commissioner of Canada and to notify affected individuals.

Real risk of significant harm includes bodily harm, humiliation, damage to
reputation or relationships, loss of employment, financial loss,
identity theft, negative effects on one’s credit record, and damage
or loss of property.

In determining whether there is a real risk of significant harm, organizations must
consider the degree of sensitivity of the personal information
involved and the probability that the information will be misused.

Privacy breaches may result from identity theft, scams, hacking or other
unauthorized access, be it deliberate or accidental. Sensitive
information often includes personal health and financial data.

Quote

“Privacy breaches are growing in scale, complexity and severity and can cause
serious harm to the people who have been affected. This new online
tool will make it easier for organizations to assess the potential
impacts on individuals who have been affected, to determine what
steps they need to take following a breach.”

Philippe Dufresne
Privacy Commissioner of Canada
Source: Office of the Privacy Commissioner of Canada

Worth considering…
https://www.mdpi.com/1999-5903/17/4/151
GDPR and Large Language Models: Technical and Legal Obstacles

Large Language Models (LLMs) have revolutionized natural language
processing but present significant technical and legal challenges
when confronted with the General Data Protection Regulation (GDPR).
This paper examines the complexities involved in reconciling the
design and operation of LLMs with GDPR requirements. In particular,
we analyze how key GDPR provisions—including the Right to Erasure,
Right of Access, Right to Rectification, and restrictions on
Automated Decision-Making—are challenged by the opaque and
distributed nature of LLMs. We discuss issues such as the
transformation of personal data into non-interpretable model
parameters, difficulties in ensuring transparency and accountability,
and the risks of bias and data over-collection. Moreover, the paper
explores potential technical solutions such as machine unlearning,
explainable AI (XAI), differential privacy, and federated learning,
alongside strategies for embedding privacy-by-design principles and
automated compliance tools into LLM development. The analysis is
further enriched by considering the implications of emerging
regulations like the EU’s Artificial Intelligence Act. In
addition, we propose a four-layer governance framework that addresses
data governance, technical privacy enhancements, continuous
compliance monitoring, and explainability and oversight, thereby
offering a practical roadmap for GDPR alignment in LLM systems.
Through this comprehensive examination, we aim to bridge the gap
between the technical capabilities of LLMs and the stringent data
protection standards mandated by GDPR, ultimately contributing to
more responsible and ethical AI practices.

Interesting.
https://scholarship.law.upenn.edu/faculty_articles/541/
Is Privacy Really a Civil Right?

Sixty years ago, President Lyndon Johnson signed the Civil Rights Act of
1964. Civil rights laws aimed at curbing discrimination and
inequality in federal programs, public accommodations, housing,
employment, education, voting and lending faced opposition before the
Act and continue to do so today. Nevertheless, a swell of legal
scholars, policy analysts and advocacy groups in the United States
now assert with favor a vital connection between privacy and civil
rights. Historically, civil rights legislation was enacted to combat
group-based discrimination, a problem exacerbated by contemporary
approaches to personal data collection, artificial intelligence,
algorithmic analytics and surveillance. Whether
privacy is a civil right, protects civil rights, or is protected by
civil rights, the novel pairing of civil rights and
privacy rights commends itself. Yet, as we show, the pairing of
privacy and civil rights is complex, consequential, and potentially
disappointing. Privacy and civil rights have a mixed history of
celebrated, but also ambivalent and condemnatory, partnerships.
Little direct support for conceptualizing privacy or data protection
as a civil right resides in the intricate history of U.S. civil
rights laws. Still, civil rights law is a dynamic moral, political
and legal concept adaptable to the demands of new justice
initiatives. With that in mind, this Article critically examines the
implications of legal interventions premised on pairing privacy
rights and civil rights. We trace the contentious but paramount
ideas of civil rights and privacy rights far back in time, revealing
that important conceptual and historical issues muddy the waters of
the recent trend freely characterizing privacy rights as civil rights
or as rights that protect or are protected by civil rights. We
conclude that one can sensibly contend today that privacy rights do
and ought to protect civil rights, exemplified by the right to vote
and freely associate; civil rights do and ought to protect privacy
rights, exemplified by fair housing and employment rights that
support material contexts for intimate life; and crucially, that
privacy rights are civil rights, meaning that they are aspirational
moral and human rights that ought to be a part of society’s
positive law protections to foster goods that go to the heart of
thriving lives and effective civic participation for everyone. By
illuminating the remote and recent sources of what we term the
“privacy-and-civil-rights” movement and its practical
significance, we hope to empower those who pair privacy and civil
rights with greater clarity and awareness of context, limitations,
and likely outcomes.