On July 3, 2008 the Office of the Privacy Commissioner of Canada announced the results of a public opinion study we commissioned on the personal information customers hand over (or refuse to) to retailers. According to the results, more than half of Canadians said that they were apprehensive about giving their personal information to retailers, citing concerns over security issues, identity theft and fraud.
In a speech this summer, Commissioner Stoddart noted that while a greater number of companies were voluntarily reporting breaches to the OPC, “it’s clear we still aren’t hearing about every breach which could have a harmful impact on people.”
In a different speech delivered to the Canadian Bar Association Legal Conference and Expo last month, Commissioner Stoddart spoke about her support for mandatory breach notification:
“I am a strong supporter of mandatory notification. By every measure I’ve seen, breaches are a growing problem. Despite the clear risks, we continue to see too many organizations – large and small – underestimating the need to protect personal information. This results in deficient privacy and security safeguards – and, not surprisingly, data spills.”
She also took the opportunity to provide an update on potential amendments to the Protection of Personal Information and Electronic Documents Act (PIPEDA), Canada’s private sector privacy legislation. One of the anticipated amendments is a formal requirement to provide breach notification.
Despite the election call, interest in privacy rights and the future of our privacy legislation remains high. Continued interest and engagement by Canadians reminds us that individuals have a high degree of expectation that privacy rights should be respected and safeguarded.
No doubt, progress on privacy legislation will be keenly followed by individuals, government, academics, privacy advocates and civil society as the next Parliament gets underway.