Hi Canadian Tessitura Community,
I'm curious about the discussions you all must be having with your teams. As per the townhall held by WordFly, they noted Canadian organizations shouldn't need to notify their lists of this breach. Has anyone confirmed that's true? Has anyone made a decision to notify their lists of the breach? I see other regional communities coordinating their responses in the forums here. Thanks!
Hi Devon,
My interpretation of the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, which shouldn't be taken as legal advice, is that reporting is only necessary if there is a risk of significant harm to the constituent. I agree with the assessment that the type of information accessed isn't sensitive enough. This might be dependent, however, on the type of information you have exported to WordFly. We can all export varying amounts of information using Output Sets. Whether or not to inform constituents is, in my opinion, a business decision. At the National Ballet, we haven't made a decision one way or the other at this time.
Another consideration is that the threat actors claim to have deleted the stolen data and there's nothing, at this time, that would indicate they didn't.
Just my opinions. When in doubt, best to seek legal advice.
Steve
Thanks, Steve! Super helpful and it does seem aligned with everything else I'm hearing too.