I can count on my fingers the number of times organizations have been ordered to pay monetary damages for violations of privacy laws in Canada. And I wouldn’t need a calculator’s help to add up the total amount that has been ordered payable to complainants. While math may not be everyone’s strongest subject, the point is the numbers we are dealing with are strikingly low.
Yesterday, Canada’s newest “privacy” law, CASL, the anti-spam law, changed all that. A company was ordered to pay $1.1 million for sending commercial electronic emails without consent and with broken unsubscribe mechanisms. Now those are big bucks.
It made me think about how backwards we are in Canada regarding the policy choices our lawmakers have made about privacy. For some reason, the privacy of our email inbox is the most important and well-protected we have, while other—arguably just as or more important personal information like our financial, health and the deepest secrets of our Google searches—are all left to protection by laws whose most severe remedy is the old “name and shame” game.
Like thousands of other privacy professionals, I’m in Washington, DC, this week for the IAPP Global Privacy Summit. And it is, truly, a global affair. As discussions ensue about how sophisticated the world is becoming at data protection, I can’t help but wonder when Canada will catch up. A first step could be to pass Bill S-4 before it gathers much more dust.
If you want to comment on this post, you need to login.