While it is well known that the remedies available to those whose privacy rights have been breached are minimal, the same cannot be said for the consequences individuals are experiencing when they deliberately violate privacy rights. More and more, the people who screw up are starting to experience meaningful — and sometimes life changing — punishments.
At last week’s Symposium, I heard Commissioner Jill Clayton explain that, in Alberta, there have been several prosecutions under the Personal Health Information Act. While some of the cases Commissioner Clayton spoke about were ongoing, others have resulted in pretty significant fines being levied against the medical professionals who broke privacy laws. There have been other prosecutions in Ontario and, I believe, Newfoundland and Labrador. In fact, they are getting to be so frequent that it’s hard to keep track, so I may have missed a few along the way.
And, below, you’ll see a story about how eight CRA employees have been fired for privacy violations. I suppose that being fired could, in many cases, cause even greater hardship to the wrongdoer than being fined.
So, it’s not really true to say that there are no consequences to doing privacy badly in Canada. Some people, as individuals, have paid a significant price. What I think we still need to contend with, however, is how to translate this trend so that organizations (i.e., businesses and government institutions) also undergo meaningful consequences if they ignore privacy obligations.
If you want to comment on this post, you need to login.