Database breaches on companies put at risk a large amount of personal information that can be accessed by third parties. Canadians, in general, will feel the impact of these database breaches through their identities being used in fraudulent activity. The literature suggests that database breaches are a large and growing issue, identity theft is rising, and the current victims are not given enough options to protect themselves from the identity theft that uses information obtained in database breaches. This paper attempts to fill the gaps in the Canadian regulatory environment by evaluating policies for either reducing the impact of database breaches or reducing the impact on victims of identity theft. Four policy options are presented with a focus on creating a strong regulator, enacting baseline standards, comprehensive reporting and data collection, or protection services.
Copyright is held by the author.
This thesis may be printed or downloaded for non-commercial research and scholarly purposes.
Member of collection