Last week the Canadian Imperial Bank of Commerce (CIBC) announced that it had lost a hard drive containing personal information on almost 500,000 mutual fund customers. CIBC does not have the best track record for security, but for two years has had a clean security bill of health.

Now, people are wondering, just how safe is their personal banking information?

In Canada, there’s even a pesky little law that is so stringent on privacy of Canadians that companies don’t have to inform customers when their data goes missing. How messed up is that?

“Individuals in today’s world are very, very exposed to privacy theft,” said David Young, co-chair of the privacy law group at Lang Michener LLP. “There are instances occurring on quite a regular basis, and they never reach the media.”

So, how can people ensure that their information does not lead to potential fraud, and how can companies & governments ensure the data never is lost?

First is legislation - updating privacy laws. In Canada, that means telling people when there is a breach of security. This could lead to more public pressure to clean things up. More than 30 US States already have this mandatory reporting in place.

Second, understanding when a breach is significant. Not all lost laptops contain personal information.

Third, put in place penalties for breaches that go beyond just being embarassed - placing a fiscal outcome on significant breaches. This could trigger a whole new wave of companies attempting to strengthen their security protocols internally, as well as externally (laptops).

Via Globe & Mail ; Tags: cibc, laptop theft, data theft, fraud, privacy laws, legislation