OTTAWA, Dec. 27 /CNW Telbec/ - Threats to the privacy rights of Canadians
will intensify in 2008 unless organizations resolve to do more to protect
personal information, warns Privacy Commissioner of Canada Jennifer Stoddart.
"Heightened national security concerns, the growing business appetite for
personal information and technological advances are all potent - and growing -
threats to privacy rights," says Commissioner Stoddart.
"The coming year will be another challenging one for privacy in Canada."
With that prediction in mind, Commissioner Stoddart today released her
2008 list of top 10 suggested New Year's resolutions for businesses,
individuals and government.
Resolutions for businesses in Canada:
1. Protect personal information with strong security.
More than 162 million records were compromised by theft or loss in 2007,
triple the number of data losses for the previous year, according to a USA
Today analysis of breaches in the US, Canada and other countries. This
alarming trend can be reversed if businesses begin to recognize the value of
personal information. The disastrous breach involving Winner's and HomeSense
stores is an example of what can go wrong if businesses don't invest in the
2. Use encryption to protect personal information on mobile devices such
We are seeing too many headlines about personal information at risk
because a laptop has been lost or stolen. Organizations must ensure personal
information on a mobile device is encrypted - protecting information stored on
a laptop with a password is simply not enough.
3. Ensure credit card processing equipment masks complete card numbers on
Complete credit card numbers should not be printed on receipts for
electronically processed transactions. Businesses were supposed to switch to
electronic processing equipment that masks card numbers - for example, by
printing Xes - by the end of 2007. Printing complete card numbers exposes
customers to the risk of identity theft. (Some very small businesses may still
be manually taking imprints of cards because it is not economically feasible
for them to purchase electronic equipment. They should still take all steps
necessary to protect the information they collect.)
Resolutions for Canadians:
4. Think twice before posting personal information on social networking
Many Facebook and Myspace users think of these sites as private, when, in
reality, the information they post can often be seen by just about anyone.
Before posting something, ask questions such as: How would I feel defending
this comment or photo during a job interview five years from now? Am I harming
someone else or invading someone's privacy by posting this comment, photo or
video? We like this simple rule of thumb: If Grandma shouldn't know, it
shouldn't be posted.
5. Ask questions when someone asks for personal information.
It's a good idea to understand why information such as your phone number
or postal code, or driver's licence is being requested and how it will be
used. If you are concerned about receiving junk mail or telemarketing calls,
decline to provide the information. Canada's privacy laws offer you a choice
about providing personal information that is not necessary for a transaction.
6. Take steps to protect your personal information.
Invest in a good shredder or burn all documents that include your name,
address, SIN, financial information or other sensitive personal information.
Papers containing personal information don't belong in the recycling bin.
Resolutions for the federal government:
7. Overhaul the no-fly list to ensure strong privacy protections for
The no-fly list involves the secretive use of personal information in a
way that has very serious impact on privacy and other human rights. Innocent
Canadians face the very real risk they will be stopped from flying because
they've been incorrectly listed or share the name of someone on the list.
8. Move forward with proposed reforms to Canada's privacy laws.
The federal government is currently holding consultations on important
amendments to the Personal Information Protection and Electronic Documents Act
(PIPEDA). These proposed changes include mandatory breach notification, a step
that would encourage businesses to take security more seriously and protect
Canadians against identity theft.
We also urge the federal government to open a review of the Privacy Act,
which will be celebrating its 25th anniversary in 2008. Canadians should be
offered the same level of legal protection under the Privacy Act as they have,
as consumers, under PIPEDA.
9. Ensure that identity theft legislation is swiftly passed.
The government has introduced Criminal Code amendments to help police
stop identity thieves or fraudsters before Canadians suffer actual financial
harm. The changes include explicit penalties for collecting, possessing and
trafficking in personal information.
10. Develop anti-spam legislation.
Canada remains the only G-8 country without anti-spam legislation,
raising the danger that we will become a harbour for spammers. Halting the
proliferation of spam is another important measure necessary to address
The Privacy Commissioner of Canada is mandated by Parliament to act as an
ombudsman, advocate and guardian of privacy and the protection of personal
information rights of Canadians.
For further information:
For further information: or media interview requests, please contact:
Colin McKay, Office of the Privacy Commissioner of Canada, (613) 995-0103,