My weekly Toronto Star Law Bytes column (Toronto Star version, HTML backup article, homepage version) picks up on last week’s discussion of the need to name names as part of Canada’s privacy law by advocating further reforms to the privacy law framework. The column argues that for many for many the law is considered a business risk that carries no realistic expectation of serious financial consequences or diminished reputation a risk that can be managed through minimal compliance and contrition if caught. A starting point to reverse this would be to provide the federal Privacy Commissioner with order making power to award fines and other penalties.