After the Sony Playstation Network hacking saga, Canada’s privacy commissioner wants the government to impose hefty fines on companies that fail to adequately protect Canadians’ personal information from preventable data breaches.
“I am deeply troubled by the large number of major breaches we are seeing,” Jennifer Stoddart said on Wednesday at the Canada 3.0 digital media conference in Stratford, Ont.
She concluded that the task of imposing “significant, attention-getting fines” is “the only way” to get some businesses such as Sony to “pay adequate attention to their privacy obligations.”
The problem with current privacy laws is that the privacy commissioner can investigate complaints that a company has violated Canadian privacy laws; however it does not have enforcement powers. Instead, they must ask the Federal Court to take action, making it a long and complicated procedure.
The information stolen from Sony during the cyberattack included names, birthdates, email addresses, passwords and some credit card and banking information.
Stoddart said she was “very disappointed that Sony did not proactively notify my office of the breach.”