Privacy Laws Need to Be Updated, Federal Watchdog Says

Privacy laws in Canada need to be updated to match the digital age, the federal privacy commissioner urges.

Releasing a paper stating the need for new regulations, Commissioner Jennifer Stoddart said privacy laws need stronger enforcement power so that private-sector companies protect consumer privacy. 

“Personal information has been called the oil of the digital economy. As organizations find new ways to profit from personal information, the risks to privacy are growing exponentially,” Stoddart said in a statement. 

The existing federal act regulating commercial activities came into force in 2001, Stoddart noted, and didn’t consider privacy issues facing Canada today, with advancements in technology and social media.

“There was no Facebook, no Twitter and no Google Street View. Phones weren’t smart. ‘The cloud’ was something that threatened picnic plans,” she said. 

Many major corporations are careless in the way they handle private information, Stoddart noted. 

Citing a study done by her office last year, Stoddart said one in four websites they examined were either unaware that they were disclosing information to third parties, or weren’t informing users of this activity. 

“That is troubling,” she said. 

A poll carried out by the Office of the Privacy Commissioner this year shows two-thirds of Canadians are concerned about the protection of their privacy, with one-quarter stating they are “extremely” concerned. 

Making the announcement of her paper at the annual Canada Privacy Symposium last week, Stoddart said the current legislation doesn’t have the required incentives to compel organizations to invest in protecting the privacy of users. 

The only “real” tool available to her office at the moment, she said, is to name companies that don’t properly protect the privacy of users so that consumers can choose where to take their business. 

The commissioner is recommending changes to the existing legislation to bolster privacy protection, including having stronger enforcement powers, and requiring organizations to report breaches of personal information to the privacy commissioner and to affected individuals, among other recommendations.