Penalties for Equifax data breach not as strong in Canada as in U.S.: lawyers

TORONTO _ Equifax is facing investigations in both Canada and the U.S. into its massive data breach, but lawyers say the punitive threat by regulators is stronger south of the border.

Canada’s privacy commissioner said Friday that it started a probe into the cyberattack, one day after the U.S. consumer watchdog said it was investigating.

A Toronto cybersecurity and privacy lawyer says that if the credit monitoring company is found to have failed to do enough to protect consumers’ data, the Federal Trade Commission in the U.S. can issue hefty fines.

Lyndsey Wasser says that Canada’s privacy watchdog cannot hand down fines but can recommend the company make changes and sign an agreement urging them to comply.

Ottawa lawyer Tamir Israel points to the hacking of Canadian affair-seeking website Ashley Madison, which paid $1.6 million US to settle with the FTC but was not fined in Canada.

Equifax said on Sept. 7 that it fell victim to a massive cyberattack in the summer that may have compromised the personal data of 143 million Americans and a limited number of Canadian and U.K. residents.