Identity thieves are sneaky.
According to the Privacy Commissioner of Canada, thousands of people fall victim to identity theft every year. Your personal information can be used to open a credit card account, charge items to your existing bank or credit card accounts, find employment, or get a cell phone on your dollar.
And not only can people steal your personal information online, some create entire official-looking websites or send emails with seemingly authentic logos and email addresses to disguise themselves as legit businesses. It’s called “phishing,” and people fall prey to these scams because they think they’re actually communicating with their financial institution or that they’re going to win large sums of cash. Instead, they end up losing a lot of money and are often completely unaware that the theft has taken place.
In Canada, there is no law to ensure that you will even be informed if identity theft does happen. A business or government agency here is in no way obligated to inform you that their security system has been breached and your personal information has been stolen.
There is a federal law, called the Personal Information Protection and Electronic Documents Act (PIPEDA), which is intended to protect Canadian consumers, but falls short of the mark. The act basically states that companies must ask for your consent before they collect your personal information and it provides guidelines for how a company can use or disclose information about you once they’ve obtained it.
We do have ways to report a fraud if we discover one. In 1993 the RCMP and the Ontario Provincial Police created Phonebusters, a national anti-fraud call center. Phonebusters informs people about deceptive telemarketing scams and it’s also the place to report cases of online and telephone fraud.
There’s also Reporting Economic Crime Online (RECOL), which is a web-based center. The RECOL website describes it as an “initiative that involves an integrated partnership between international, federal, and provincial law enforcement agencies.” But even with all those agencies working together, it’s still up to us to discover if a fraud has been perpetrated.
Two years ago, the government of California took action to protect its residents from identity theft and fraud. A new bill was created to force businesses and government agencies to inform residents of security breaches that may affect them. The California Security Breach Information Act (S.B. 1386) was the first of its kind in the U.S. when it came into effect on July 1, 2003. Today, over 20 other U.S. states have passed, or are considering, similar laws.
In Canada, the most we’ve managed is to call February “Fraud Awareness Month” and to designate November third as “Anti-Phishing Day.” The Canadian government seems to believe that if we educate ourselves about the dangers of online fraud and identity theft, we’ll be savvy enough not to fall for them.
But it shouldn’t only be our responsibility. Companies should be obligated to inform customers when their personal information may have been leaked. Canadians have the right to know when their identities or finances have been compromised before they end up paying the price.