Hi Canadian Tessitura Community,I'm curious about the discussions you all must be having with your teams. As per the townhall held by WordFly, they noted Canadian organizations shouldn't need to notify their lists of this breach. Has anyone confirmed that's true?Has anyone made a decision to notify their lists of the breach? I see other regional communities coordinating their responses in the forums here. Thanks!
Hi Devon,
Luckily, we had just started our WF integration, so we were lucky to not actually have any constituent data in their system yet.
I have still been reading up on their advice, and they may be correct that notification isn't necessary.
My interpretation of the Personal Information Protection and Electronics Documents Act (PIPEDA) in Canada, which shouldn't be taken as legal advice, is that reporting is only necessary if there is a rick of significant harm to the constituent. I agree with the assessment that the type of information accessed isn't sensitive enough. This might be dependent, however, on the type of information you have exported to WordFly. We can all export varying amounts of information using Output Sets. Whether or not to inform constituents is, in my opinion, a business decision. At the National Ballet, we haven't made a decision one way or the other at this time.
Another consideration is that the threat actors claim to have deleted the stolen data and there's nothing, at this time, that would indicate they didn't.
Just my opinions. When in doubt, best to seek legal advice.
Steve
Wow, great timing! Lucky you. Yes, it does seem all advice is pointing that direction. Thank you!
Thanks, Steve! Super helpful and it does seem aligned with everything else I'm hearing too.