Language selection


Appearance before the House of Commons Standing Committee on Justice and Human Rights on Bill S-4 – An Act to amend the Criminal Code

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

September 28, 2009
Ottawa, Ontario

Statement by Jennifer Stoddart
Privacy Commissioner of Canada

(Check against delivery)

Mr. Chairman and members of the Committee, thank you for inviting our Office to address you on this important government initiative.  I am accompanied by Carman Baggaley, a Strategic Policy Advisor.

We are pleased to see that the government is taking action on the growing problem of identity theft. Polling conducted by my Office this year reveals that one in six Canadians have experienced some form of identity theft. Over ninety per cent of Canadians are concerned about the issue of identity theft.

Identity theft is a broad term that is often used to describe a wide range of behaviour. It can include credit card fraud. It often involves pretexting, pretending to be someone else in order to purchase goods or services or obtain that person’s personal information. There are also more sophisticated techniques, such as skimming, which involves stealing personal information from the magnetic strip on debit and credit cards through the use of small electronic devices.

I am sure that everyone here has received “phishing” emails from what appear to be reputable organizations such as banks, asking us to verify our account information or provide personal information.

As technology evolves, identity thieves are constantly looking for new ways to obtain personal information. Just last month a man who has been called the world’s most prolific identity thief pleaded guilty to stealing tens of millions of credit and debit card records by identifying and exploiting weaknesses in retailers’ wireless networks. 

Identity thieves then use this personal information to withdraw money from bank accounts, obtain loans or credit cards, obtain government benefits and even take out mortgages.

We often talk about identity theft in terms of the financial cost and victims of identity theft may suffer significant financial loss, but they are also likely to feel that their privacy has been invaded.

The lessons of the past few years teach us that stronger protections are needed if privacy is to have any meaning at all in the face of contemporary challenges.  Bill S-4 is a significant step in the right direction; however it should form part of a broader-based strategy to address identity theft and identity fraud.

The recent introduction of anti-spam legislation is also an important contribution. The Electronic Commerce Protection Act prohibits sending unsolicited commercial electronic messages without consent.  It includes targeted provisions against phishing and spyware, and it provides a private right of action against spammers. The Act sets out a coordinated approach to enforcement that allows for co-operation and information sharing with foreign authorities. 

I would like to see a similar coordinated approach to ID theft. We have the expertise and resources. There is the Phone-busters anti-fraud call centre operated by the RCMP, Competition Bureau and the Ontario Provincial Police. There are excellent resources on identity theft on the Safe Canada website set up by Public Safety Canada.  Now what we really need is for the police and regulators, the public and private sector and federal and provincial officials to work together.

In our recommendations for reform of the Privacy Act we have asked for stronger regulation, including better security safeguards and we continue to believe that broader access to the Courts is important.  In the review of our private sector legislation, PIPEDA, we have similarly recommended changes which would allow us to better regulate personal information handling practices and we have called for mandatory breach notification. These measures would empower Canadians to prevent identity theft, and motivate companies and government organizations to properly safeguard personal information under their control.

Thank you once again for inviting me to speak to you on this issue. I would be pleased to take any questions members of the Committee may have.

Report a problem or mistake on this page
Error 1: No selection was made. You must choose at least 1 answer.
Please select all that apply (required):


Date modified: