My weekly Law Bytes column (Toronto Star version, homepage version) focuses on the need for Canadian privacy reform in light of last week's security breaches involving CIBC and retailer giant Winners. I note that these two incidents highlight the fragility of sensitive, personal information that is entrusted to Canadian businesses as well as the inadequacy of current Canadian privacy legislation. Business groups have cautioned against privacy law reforms, yet as the risk of identity theft grows, the calls for change are likely to become more vocal.
While the U.S. pushes forward with security breach disclosure legislation, Canadian business has argued strongly against similar reforms. The Information Technology Association of Canada, which features representatives from companies such as BCE, Telus, Rogers, Microsoft, Nortel, and Research in Motion on its board of directors, warned against mandatory notification legislation in an appearance before a parliamentary committee last month.
Read more ›
Appeared in the Toronto Star on January 22, 2007 as Privacy Breaches Expose Flaws in Law Privacy took centre stage in Canada late last week as TJX Cos., the parent company of retail giants Winners and HomeSense, disclosed that as many as two million Canadian credit cards may have been […]
Read more ›
The PIPEDA hearings continued on Monday with a robust debate on order making power, naming names, and the effect of contractual provisions on privacy protection. The Information Technology Association of Canada uniformally argued that PIPEDA works fine, changes are unnecessary and costly, and dismissed proposed provisions such as naming names or order making power. My colleague Ian Kerr focused on contractual issues, while the Canadian Bar Association supported order making power with the development of a new tribunal.
While I was not in attendance, the notes from the hearing suggest that this hearing would be better named "ITAC Attacks". In its zeal to dissuade the committee from recommending any changes, ITAC made several unsubstantiated claims including claims that most organizations approach the commissioner where security breaches occur, that there is a good level of privacy compliance in Canada, and that the U.S. is not less prone to privacy invasions than Canada (all offered without reference to any supporting study). It would be worth noting which companies comprise ITAC's membership and inquire directly whether they support the strongest assault yet on reforms that might improve Canada's privacy law framework.
The full notes of the day's event, from Kathleen Simmons, are posted below:
Read more ›