While researching this article on the privacy implications of offshore outsourcing, I corresponded via E-mail with Ottawa Law School Professor Michael A. Geist. He offered an interesting answer to one question that didn't make it into the final copy. He observes that Canadian companies found violating the privacy of others get to keep their own privacy -- the names of the companies in question don't get released.

Are you aware of examples (particularly involving outsourced data) in which Canadian companies have been prosecuted for privacy violations? If so, has there been a comparable situation in the U.S. that resulted in a different legal outcome?

Geist: Sure. There have been over 200 findings from the federal privacy commissioner dealing with claims of violations of the privacy law (it has been in effect for federally regulated businesses -- banks, broadcasters, etc. since 2001). Many have involved well-founded findings of privacy infringement. It is noteworthy, however, that the Commissioner has typically kept the names of the companies involved anonymous and there have been few if any real damage claims arising from these findings. What they have done, however, has been to cause organizations to change some of their data collection
practices. I don't recall an outsourcing case.