itWorldCanada has an article today about the part of the proposed identity theft law that would make it a crime to be “reckless” about making personal information available to one who intends to use it for fraud. I am quoted in the article.

The exact wording of the section is:

Everyone commits an offence who transmits, makes available, distributes, sells or offers for sale another person’s identity information, or has it in their possession for any of those purposes, knowing or believing that or being reckless as to whether the information will be used to commit an indictable offence that includes fraud, deceit or falsehood as an element of the offence

Food for thought: Is this a backdoor way to put some criminal teeth in the security requirements of PIPEDA? If an organization was to leave personal data where it is easily found and unprotected, would that “make it available”, and be reckless?

Read the itWorldCanada article