Canada’s Identity Theft Bill: What It Says and What’s Missing

The federal government yesterday introduced much-needed identity theft legislation.  Bill C-27 includes several important provisions focusing on identity theft such as trafficking in documents and identity information.  Key provisions include:

  • making, possessing, transferring, or selling "identity documents" of another person becomes an offence punishable with up to five years in jail.  This is subject to exceptions such as good faith, genealogical purposes, consent of the person, or law enforcement purposes.  Identity documents include SIN cards, driver's license, health insurance card, birth certificate, passport, or citizenship document.
  • knowlingly obtaining or possessing another person's "identity information" with the inference that the intent is to commit a crime such as fraud.  Moreover, it is an offence to transmit, make available, distribute, sell or offer to sell such information knowing that it will be used to commit an offence.  Identity information includes any information commonly used to identify a person.  Examples in the legislation include fingerprint, voiceprint, retina or iris image, DNA profile, name, address, date of birth, written, electronic or digital signature, user name, credit or debit card number, bank account number, passport, SIN, health insurance number, driver's license, or password.  The penalty for these offences is up to five years in jail.
  • identity fraud, namely fraudulently impersonating another person with the intent for personal gain.
  • fraudulent use or possession of credit card data is added to the Criminal Code as is a provision for up to 10 years in jail for knowingly possessing, importing or exporting devices that can be used to fraudulently copy credit card data.
  • theft or redirection of postal mail
  • using forged documents as if they were genuine, selling/making available forged documents, possessing forged documents with the intent to sell carries a penalty of up to ten years in jail.  Dealing in devices used to create forged documents brings a possible penalty of 14 years in jail.
  • up to five years in jail for falsely representing oneself as a peace office or public officer.

This is good and long overdue legislation.  It is not a complete solution, however.  While penalties for identity theft are needed, Canada also needs to take steps to allow Canadians to self-protect against identity theft, to create incentives for companies to safeguard personal information against the prospect of identity theft, and to address some of the activities used to facilitate identity theft.  There are two obvious issues that should be addressed.  First, anti-spam legislation, which would include phishing and spyware, is similarly long overdue.  Second, Canada needs a mandatory security breach notification law so that Canadians are advised when their personal information may be at heightened risk for identity theft.


  1. what about better preventative measures?
    How about we get something more effective done to *prevent* identity theft like forcing credit reporting bureaus to freeze our credit reports effectively i.e. for an unlimited period and with a hassle-free process. No credit report = no unauthorized debts which solves a big portion of the problem. I believe its easier to deal with fraud on existing accounts (which already have fraud protection) rather than other accounts that one is not aware of. Also, more should be done to address companies which collect way too much personal info about us as well as those that do little or no work to protect it.

  2. Palonek
    I find it interesting that the difference between the estimated and reported cost of identity thefts differs so much. With digital age identify theft is here to stay. Even in the 70’s identify theft was a big problem. With the information age the “mythology” of how difficult it is to actually steal someones bank account, etc has almost disappeared thus making it an attractive revenue for some. Plus there is the added bonus of being anonymous that the internet offers, unlike in 60’s through 80’s…
    [ link ]
    Edward Palonek
    At the end of the day, all that the government can do is make it a little more difficult at the expense of the consumer.

  3. J.C. Carvill says:

    It would be better if one would go for preventive methods, but it feels good to hear that governments are improving the law for this.

    J.C. Carvill
    URL: [ link ]

  4. prevention
    people need to protect themselves. going through the courts is too slow, too few people are caught and too expensive. i heard about a product that allows you to swipe your card at home, like at the store. supposed to be safe at least from third-party hackers.

  5. passed or not?
    was this bill passed? if so what year?