Uber Hack: Wasser says Uber breach may put pressure on Government to expedite PIPEDA breach reporting requirements for Canadian Press  

news & knowledge 

November 30, 2017


Uber admitted Tuesday that hackers stole names, email addresses and mobile phone numbers of 57 million riders close to a year ago. It has also acknowledged that it paid US$100,000 to the thieves to have the data destroyed.

The theft of details on millions of Uber customers, and the company’s efforts to cover up the breach, have raised alarms among privacy experts and renewed calls for better data protection laws in Canada.

Changes to the Personal Information Protection and Electronic Documents Act that would require disclosure of breaches and fines for non-compliance are on the way, with public consultations having wrapped up in early October.

The government hasn’t said when the changes may come into force, but the Uber breach will only add to the urgency to do so, said cybersecurity and privacy lawyer Lyndsay Wasser of McMillan LLP.

“The number of high-profile breaches that have been happening is probably putting some pressure on the government to move this along,” Wasser told Canadian Press.  

Even when the law is in place though, the Privacy Commissioner will have limited abilities to punish offenders with a maximum fine of $100,000 for not disclosing a breach, said Wasser.

To read the Canadian Press article in full head to the Financial Post.