Cybercrimes are on the rise. That’s a given. Sometimes, the nefarious and malicious actor holds your data hostage until you pay a ransom. Other times, the bad actor is simply out to get your personal information.
That appears to be the case involving the hacking of the Liquor Control Board of Ontario website. According to reports, people who shopped online for their wine, liquor and beer between Jan. 5-10 had their identities and credit card information stolen. Phew — I started shopping for this stuff live and in person just before the holidays, but had this happened even just a little while ago, I would have likely been one of the victims.
The LCBO is a provincial Crown corporation subject to the public-sector law in Ontario. There’s no breach reporting requirement in that law which, to me, seems like something that needs fixing. But even laws like the Personal Information Protection and Electronic Documents Act and the Alberta Personal Information Protection Act, where breach reporting is mandatory if there’s a real risk of significant harm, don’t really provide any meaningful remedies to those whose identities are stolen. All you can do is monitor your credit and report suspicious activity.
And recent case law in Ontario also suggests that individuals don’t have much of a chance of getting any remedies from the organization that was hit by the breach. Perhaps if the organization was completely negligent in not protecting the information, a remedy might ensue, but the organization can’t easily be sued under any privacy tort for having fallen victim to cybercriminals.
All this leaves me with a bit of a queasy feeling in my stomach. It won’t stop me from participating in the online economy, that’s for sure, but I do pause now when an organization requests my personal information in order to interact with them. Case in point, I had to download an application the other day after coming back from skiing at Tremblant just in order to park my car at the grocer’s parking lot. Did I have a lot of confidence in that particular app? No, not really. But I had no real choice if I was going to shop at the grocery store. Well, they did have a sign saying if I don’t have a phone to visit the customer service desk (which already had a long lineup). I reluctantly entered my name, email address and password, along with my license plate number. They say “there’s an app for that” — for everything — and they sure aren’t kidding. I’d like more choice: to use the apps I trust and make my life easier and not have to use the ones I’m uncertain about.