News Release

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Fines needed to help stem growing data breaches, Privacy Commissioner says

Trends suggest it’s time for Parliament to pass legislation that would impose fines on companies when poor privacy and security measures lead to significant data breaches.

STRATFORD, Ontario, May 4, 2011 – An alarming trend of ever-bigger data breaches is prompting Privacy Commissioner Jennifer Stoddart to call for substantial fines against major corporations that fail to adequately protect Canadians’ personal information from preventable breaches.

“I am deeply troubled by the large number of major breaches we are seeing, including serious incidents in recent weeks that have affected hundreds of thousands of Canadians,’’ says Commissioner Stoddart.

During a speech today at the Canada 3.0 forum in Stratford, Ontario, the Commissioner stated:   “Too many companies are collecting more personal information than they are able to effectively protect…. It seems to me that it’s time to begin imposing fines – significant, attention-getting fines – on companies when poor privacy and security practices lead to breaches.’’

Before the federal election campaign, the Canadian Parliament was considering legislation to create a requirement for private-sector organizations to report significant data breaches to the Privacy Commissioner and affected individuals.

Commissioner Stoddart said the new session of Parliament creates the opportunity to strengthen the legislation to give the Privacy Commissioner the power to impose substantial fines in appropriate cases.

“I have come to the conclusion that the only way to get some corporations to pay adequate attention to their privacy obligations is by introducing the potential for large fines that would serve as an incentive for compliance,’’ she said, noting that her counterparts in a number of other countries, including the United Kingdom, France and Spain, have already moved to impose hefty fines following breaches. 

The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman and guardian of privacy in Canada.

- 30 -

For more information (media only), please contact:

Valerie Lawton
Office of the Privacy Commissioner of Canada
E-mail: Valerie.Lawton@priv.gc.ca

Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.

Note

Date modified: