Jennifer Stoddart, Canada’s Privacy Commissioner, wants large corporations to pay the price when their security is compromised. Speaking at the Canada 3.0 forum in Stratford, Ont., Stoddart commented on the recent privacy breach of Sony’s PlayStation Network.
“I am deeply troubled by the large number of major breaches we are seeing, including serious incidents in recent weeks that have affected hundreds of thousands of Canadians,” Stoddart said. “It seems to me that it’s time to begin imposing fines — significant, attention-getting fines — on companies when poor privacy and security practices lead to breaches.”
At the moment, her office is not allowed to impose fines so Stoddart doesn’t have the power to hold Sony accountable. Corporations also aren’t required to file reports with the Privacy Commissioner, which means that Sony wasn’t out of line even though the company failed to notify Stoddart after learning that PSN data was at risk.
Stoddart expects the government to reintroduce legislation that would amend the Personal Information Protection and Electronic Documents Act (PIPEDA), and hopes that the new law would allow the Office of the Privacy Commissioner to levy fines in the case of major privacy breaches. Similar bills have been introduced in the past, although the recent federal election derailed the latest legislative efforts.
“What has happened in Canada was, because of the difficulty in getting legislation through the minority Parliament, that its passing had been delayed by several years. And as time went on, this particular proposal was increasingly out of sync with the trend and out of sync with the continuing occurrence of major data breaches,” she said. “They just seem to be getting bigger and bigger.”
Source: Vancouver Sun