As part of Fraud Prevention Month, the RCMP is rolling out tip sheets to help Canadians protect themselves against an ever-growing number of scams and frauds including a list of “Top 10 Cyber Crime Prevention Tips”. Many of these tip sheets highlight the role of technology in fraudulent schemes and the importance of ensuring that personal information remains secure and confidential. For example, the RCMP warns against various forms of online shopping fraud, such as where fraudsters sell products at deeply discounted prices so they can steal the personal information and payment card details of unsuspecting buyers.
A troubling new brand of identity theft, known as ‘Synthetic Identity Fraud‘, has witnessed exponential growth in recent months. In this variation, fraudsters synthesize a new online identity using a collage of personal information from various real identities. They are able to wreak financial havoc with little chance of detection. Financial institutions, online retailers, entertainment platforms, hotels and healthcare companies have become primary targets due to the significant volumes of personal and financial data they store and collect. Several high-profile data breaches over the past few years indicate that the risk of being subject to a data attack is real and increasing.
Lawmakers have begun to pay attention. The Canadian government has recently enacted legislation that targets the activities of fraudsters, such as Canada’s soon to be in force Anti-Spam legislation as well as new offences under the Criminal Code that combat identity-related crime. There is also a trend towards placing the responsibility for safeguarding personal information on the entities that collect personal information. For example, Manitoba’s new privacy legislation, which is not yet in force, imposes an obligation on organizations to notify an individual as soon as reasonably possible if personal information it had about the individual was stolen, lost or accessed in an unauthorized manner. Likewise, organizations can and have been subject to class actions in Canada for failing to prevent data breaches. The pressure to safeguard personal data will continue to mount. At the centre of much of the media attention regarding the risks to personal data are Canada’s financial institutions, which are often the targets of the most intensive and persistent hacking efforts. Finance Canada has recently joined the conversation by releasing a consultation paper, seeking the views of Canadians in the development of a Financial Consumer Protection Framework. The outcome of this consultation process may have significant impacts on the obligations placed on financial institutions to safeguard personal data. The Office of the Privacy Commissioner of Canada has already weighed in by issuing its response to Finance Canada’s consultation process, which seeks:
- strengthening of enforcement powers for privacy breaches;
- greater transparency and accountability measures; and
- mandatory breach notification.
We will be monitoring this space and providing further updates on Finance Canada’s consultation process as it moves forward.
* The author wishes to thank Jonathan Tam, Student-at-Law, for his assistance with this posting.