An alarming trend of ever-bigger data breaches is prompting Privacy Commissioner Jennifer Stoddart to call for substantial fines against major corporations that fail to adequately protect Canadians’ personal information from preventable breaches.
“I am deeply troubled by the large number of major breaches we are seeing, including serious incidents in recent weeks that have affected hundreds of thousands of Canadians,” says Commissioner Stoddart.
During a speech today at the Canada 3.0 forum in Stratford, Ontario, the Commissioner stated: “Too many companies are collecting more personal information than they are able to effectively protect…. It seems to me that it’s time to begin imposing fines – significant, attention-getting fines – on companies when poor privacy and security practices lead to breaches.”
Before the federal election campaign, the Canadian Parliament was considering legislation to create a requirement for private-sector organizations to report significant data breaches to the Privacy Commissioner and affected individuals.
Commissioner Stoddart said the new session of Parliament creates the opportunity to strengthen the legislation to give the Privacy Commissioner the power to impose substantial fines in appropriate cases.
“I have come to the conclusion that the only way to get some corporations to pay adequate attention to their privacy obligations is by introducing the potential for large fines that would serve as an incentive for compliance,” she said, noting that her counterparts in a number of other countries, including the United Kingdom, France and Spain, have already moved to impose hefty fines following breaches.
The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman and guardian of privacy in Canada.