TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Canada Dashboard Digest | Notes from the IAPP Canada Managing Director, Jan. 13, 2023 Related reading: Op-ed: Why CPO job roles should not require a law degree




Cybercrimes are on the rise. That’s a given. Sometimes, the nefarious and malicious actor holds your data hostage until you pay a ransom. Other times, the bad actor is simply out to get your personal information.

That appears to be the case involving the hacking of the Liquor Control Board of Ontario website. According to reports, people who shopped online for their wine, liquor and beer between Jan. 5-10 had their identities and credit card information stolen. Phew — I started shopping for this stuff live and in person just before the holidays, but had this happened even just a little while ago, I would have likely been one of the victims.

The LCBO is a provincial Crown corporation subject to the public-sector law in Ontario. There’s no breach reporting requirement in that law which, to me, seems like something that needs fixing. But even with laws like the Personal Information Protection and Electronic Documents Act and the Alberta Personal Information Protection Act, where breach reporting is mandatory if there’s a real risk of significant harm, it doesn’t really provide any meaningful remedies to those whose identities are stolen. All you can do is monitor your credit and report suspicious activity.

And recent case law in Ontario also suggests that individuals don’t have much of a chance of getting any remedies from the organization that was hit by the breach. Perhaps if the organization was completely negligent in not protecting the information, a remedy might ensue, but the organization can’t easily be sued under any privacy tort for having fallen victim to cybercriminals.

All this leaves me with a bit of a queasy feeling in my stomach. It won’t stop me from participating in the online economy, that’s for sure, but I do pause now when an organization requests my personal information in order to interact with them. Case in point, I had to download an application the other day after coming back from skiing at Tremblant just in order to park my car at the grocer’s parking lot. Did I have a lot of confidence in that particular app? No, not really. But I had no real choice if I was going to shop at the grocery store. Well, they did have a sign saying if I don’t have a phone to visit the customer service desk (which already had a long lineup). I reluctantly entered my name, email address and password, along with my license plate number. They say “there’s an app for that” — for everything — and they sure aren’t kidding. I’d like more choice: to use the apps I trust and make my life easier and not have to use the ones I’m uncertain about.

1 Comment

If you want to comment on this post, you need to login.

  • comment Rachelle Delage • Jan 16, 2023
    I don't really have issue with providing my email and a shipping address (which is my home address) when shopping online, but I really hate it when they ask for other personal information such as my DOB, as I don't really care about a birthday discount. My way around this is I provide another date, which I am the only one to know, and uses that same date for all my online shopping when required to enter a DOB. I would never give out my actual DOB except for employment, insurance, banking and official government programs and services. In my opinion, there is no legitimate business need for an online store to collect my DOB.