Canada's privacy commissioner Jennifer Stoddart wants the power to impose "attention-getting fines" when major corporations fail to protect Canadians' personal information.
Her statement comes in the wake of massive security breaches first disclosed by Sony last week, which may have affected more than 100 million user accounts worldwide.
The company warned that data including names, birth dates, e-mail addresses and log-in information was compromised. Sony also said encrypted credit card data from 10 million accounts may have been accessed, although it could not say with any certainty.
In a speech delivered in Stratford, Ont., on Wednesday, Stoddart said she was "very disappointed" that Sony did not proactively notify her of the breach. But Stoddart said the company has been co-operative since being contacted by her office.
"Still, I remain deeply troubled by the large number of major breaches we are seeing. Too many companies are collecting more personal information than they are able to effectively protect," she said.
"I have come to the conclusion that the only way to get some corporations to pay adequate attention to their privacy obligations is by introducing the potential for large fines that would serve as an incentive for compliance."
A $1-billion class action lawsuit was announced in Ontario on Tuesday on behalf of as many as 1 million affected Canadians.