The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Tuesday, April 05, 2005

Identity Theft: The Next Corporate Liability Wave 

Thanks to Michael Fitzgibbon at Thoughts from a Management Lawyer for e-mailing me a link to the following article on the coming wave of civil liability related to identity theft. The article is a good read, not only talking about the threat of class action lawsuits, but also the damage to a corporation's reputation from privacy incidents and preparing for the worst.

Identity Theft: The Next Corporate Liability Wave:

"Your phone rings. It's Special Agent Bert Ranta. The FBI is investigating a crime ring involved in widespread identity theft. It has led to millions of dollars of credit card and loan losses for lenders, and havoc in the lives of the 10,000 victims. By identifying links between the victims, the FBI has discovered where the personal data appear to have come from: your company. The victims are some of your customers.

Your mind begins to whirr. Are there other customers affected who haven't been identified yet? Is it a hacker or an inside job? Is your company also a victim here, or could it be on the wrong end of a class action lawsuit?

You recall reading that each identity theft victim will on average spend $1,495, excluding attorneys' fees, and 600 hours of their time to straighten out the mess, typically over the course of a couple of years. For out-of-pocket costs alone that is, say, $2000 per victim. Multiplying that by 10,000 customer victims equals $20 million. Adding as little as $15 per hour for the victims' time and you get $11,000 per case or $110 million in total even before fines and punitive damages are considered. And that's on top of the potential impact on your company's future sales.

The nation's fastest growing crime, identity theft, is combining with greater corporate accumulation of personal data, increasingly vocal consumer anger and new state and federal laws to create significant new legal, financial and reputation risks for many companies...."

Even without laws like PIPEDA, the courts are beginning to recognize that there is a duty of care in some circumstances that extends to taking reasonable measures to protect against facilitating identity theft. (See HEALTH CARE ASSN WORKERS COMP FUND V BUREAU OF WORKERS DISABILITY from the Michigan Court of Appeals; we'll have to wait and see how the CIBC class action fares here in Canada.) For those of us who advise corporations, this is certainly a risk to be aware of.

The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.