After bookstore chain Indigo suffered a ransomware attack, current and former employees are concerned about their personal information being exposed on the dark web, Global News reports. In light of other cyberattacks of Canadian businesses like Sobeys, questions from employees have risen over their legal recourses if their data is stolen in a breach, which typically target customer data. A recent Ontario Court of Appeal ruling made it harder for individuals to file class-action lawsuits against companies that sustain data breaches. Only employee data in federally regulated industries is protected under the Personal Information Protection and Electronic Documents Act.
3 March 2023
Canadian employees' personal information often left legally vulnerable after data breaches
Related stories
US state AI legislation: Reviewing the 2025 session
Achieving privacy excellence: Understanding the privacy maturity model
CPPA executive director offers window into agency's priorities
New state laws protect abuse survivors from misuse of vehicle connectivity
Notes from the IAPP Canada: Privacy watchdogs — What the 2024–25 annual reports reveal
