_This is a guest contribution from Amanda Maltby._
Federal Privacy Commissioner Jennifer Stoddart “issued her findings this week”:http://www.privcom.gc.ca/media/nr-c/2005/nr-c_050418_e.asp on the much-publicized case involving misdirected faxes containing customer information that were sent by “CIBC”:http://www.cibc.com/ca/personal.html to several unrelated third parties. The Commissioner’s office investigated when several CIBC customers complained that their personal data had been faxed to a U.S. and Quebec-based company over the course of a three-year period without their knowledge or consent.
While the Commissioner deliberated specifically on the bank’s practices, she also spoke more broadly about the impact these findings could have on any organization that collects, uses or discloses personal information for commercial purposes. And she’s right.
When the federal privacy law came into force across Canada in 2004, most in the private sector developed privacy policies and named chief privacy officers to meet the law’s minimal requirements. That’s great as long as you don’t make any mistakes with your customer’s personal information, your suppliers don’t make any mistakes with this information and those mistakes don’t get in the press. In the unfortunate case of CIBC most of these things occurred.
_Amanda Maltby recently joined “Ipsos-Reid Public Affairs”:http://www.ipsos.ca/pa/ as a Senior Vice President in the Toronto office. She brings over 15 years of insight and practical experience in public policy, communications strategy and opinion research on a wide range of economic and social issues in both the private and public sector environments._