Vendors say Feds should enforce data encryption

A proposed amendment to the Criminal Code that would add a new offence for possessing other people’s personal information with the intent to commit fraud, could help law enforcement combat identify theft, according to some Canadian IT security experts.

Bill C-27, tabled in the House of Commons Wednesday by the Conservative government, would amend the current law, which makes it a crime if fraud is committed, or is in the act of being committed.

But the federal government also wants to make it illegal to obtain or possess identity information with the intention of committing crimes, or to traffic identity information knowing it could be used to commit crimes.

As reported in

17 charged in $35 million ID theft bust

The proposal makes sense because if a person or organization is found hoarding data they aren’t authorized to have, then “it’s a sure thing that their intent is to misuse this sensitive information,” said Brian Muir, vice-president of business development with Concord, Ont.-based value-added distributor of security products Simple Technology Inc.

While granting authorities the tools to prosecute against personal data collection is a good first step, it doesn’t stop there, said Muir, adding there still need for standards to protect personal data.

The availability of encryption and other technologies, he said, can enable businesses to protect data at rest and in transit, be it in a database, on a laptop or a USB key.

But businesses also have the responsibility of ensuring employees don’t steal customers’ personal data for their own purposes, he said, by ensuring that only those authorized to access that information is doing so.

Muir suggests using two-factor identification technologies – whereby two different methods are used to authenticate identity – to not only ensure access by authorized staff, but to provide necessary audit trails and the comfort to employees that they won’t be wrongly accused of accessing sensitive data. Although such tools are readily available, he said, most often businesses fail to use them.

“For businesses, the spin-off of using these new technologies is far reaching, being that they can protect all of their intellectual property and not just the information covered in the theft legislation,” said Muir. It’s not adequate to make collection and possession of others’ personal information a crime, agreed Philippa Lawson, director of the Ottawa, Ont.-based Canadian Internet Policy and Public Interest Clinic (CIPPIC).

She suggested there be an enforcement of other measures. For example, she added, companies and government departments should be given incentives to employ appropriate security measures around customer data.

“If the government is serious about this issue, we expect to see much more in the way of the law and policy reform focusing on other actors who contribute to this problem through their negligence,” said Lawson.

Besides identity theft legislation, the country needs legislation to address personal data security especially considering it’s something the average person has no control over, said Muir.

The government should also legislate the encryption and protection against theft of sensitive data, Muir said. “You have to prove that the person that’s accessing it is authorized to access it and prove that you’ve taken whatever safeguards are possible to make sure that others can’t.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now