My weekly Law Bytes column (Toronto Star version, homepage version) focuses on the need for Canadian privacy reform in light of last week's security breaches involving CIBC and retailer giant Winners. I note that these two incidents highlight the fragility of sensitive, personal information that is entrusted to Canadian businesses as well as the inadequacy of current Canadian privacy legislation. Business groups have cautioned against privacy law reforms, yet as the risk of identity theft grows, the calls for change are likely to become more vocal.
While the U.S. pushes forward with security breach disclosure legislation, Canadian business has argued strongly against similar reforms. The Information Technology Association of Canada, which features representatives from companies such as BCE, Telus, Rogers, Microsoft, Nortel, and Research in Motion on its board of directors, warned against mandatory notification legislation in an appearance before a parliamentary committee last month.
